diff --git a/independent-programs.yml b/independent-programs.yml index 57af9f0..13e48f8 100644 --- a/independent-programs.yml +++ b/independent-programs.yml @@ -357,6 +357,49 @@ companies: - '*.dnslookup.pro' hall_of_fame_url: https://dnslookup.pro/security +- company: Fluxer + url: https://fluxer.app/security + contact: mailto:security@fluxer.app + rewards: + - '*bounty' + - '*recognition' + program_type: bounty + status: active + preferred_languages: English + description: Fluxer may award a Bug Hunter badge and Fluxer Plutonium gift codes for valid reports. + excluded_methods: + - dos + - social_engineering + - phishing + - physical_access + - automated_scanning + out_of_scope: + - Third-party services and infrastructure we do not control, including partner communities' independent integrations, bots, and external hosting providers. + - Physical security + - Social engineering + - Phishing + - Bribery + - Coercion + - Attempts to manipulate Fluxer staff or users are also out of scope. + - DoS attacks + - Traffic flooding + - Resource exhaustion testing + - Noisy automated scanning + - Bulk testing without a clear impact + - General UI bugs + - Feature requests and ordinary support issues are out of scope + - Application-layer DoS vulnerabilities that can be demonstrated with a single unauthenticated request or a small number of requests may be reported, but do not actively exploit them at scale. + - Issues in forked, modified, or outdated self-hosted deployments are out of scope unless they are reproducible on the latest official release. Low-impact or theoretical findings, such as missing best-practice headers, are usually not prioritised unless you can show a realistic attack path and concrete security impact. + domains: + - '*.fluxer.app' + - '*.fluxer.gg' + - '*.fluxer.gift' + - '*.fluxerapp.com' + - '*.fluxer.dev' + - '*.fluxerusercontent.com' + - '*.fluxerstatic.com' + - '*.fluxer.media' + - company: foundation.xyz url: https://foundation.xyz/responsible-disclosure/ contact: mailto:security@foundation.xyz