Bug Bounty Program

📋 Program Scope

Our bug bounty program covers security vulnerabilities in Belvixwallet hardware and software. We encourage responsible disclosure and reward researchers who help us improve our security.

In Scope

Out of Scope

• Vulnerabilities in third-party services not under our control
• Social engineering attacks
• Physical attacks requiring device modification
• Denial of service attacks on our infrastructure
• Issues already reported or known to us
• Vulnerabilities requiring unlikely user interaction

📜 Program Rules

Responsible Disclosure

• Report vulnerabilities directly to us before public disclosure
• Provide sufficient details for reproduction
• Allow reasonable time for us to address the issue (90 days)
• Do not exploit vulnerabilities beyond proof of concept
• Do not access or modify user data

Eligibility

• Must be the first to report the vulnerability
• Must not be an employee or contractor of Belvixwallet
• Must comply with all applicable laws
• Must be 18 years or older, or have parental consent
• Cannot be a resident of sanctioned countries

What We Promise

• Acknowledge receipt within 48 hours
• Initial assessment within 7 days
• Regular updates on remediation progress
• Fair bounty determination based on impact
• Public recognition (if desired)
• No legal action for good faith research

🚀 Submission Process

Step 1: Discovery

Identify a security vulnerability in our products or services within scope.

Step 2: Documentation

Document the vulnerability with:

• Clear description of the issue
• Steps to reproduce
• Proof of concept code or screenshots
• Impact assessment
• Suggested remediation (optional)

Step 3: Report

Submit your report through our secure channel with all documentation.

Step 4: Review

Our security team will review and validate your submission.

Step 5: Reward

Receive your bounty based on the severity and impact of the vulnerability.