Bug Bounty Program

Reward Structure

Critical

$5,000 - $10,000

• Remote code execution
• SQL injection with data access
• Authentication bypass
• Privilege escalation to admin

High

$1,000 - $5,000

• Stored XSS
• CSRF on critical functions
• Significant data exposure
• Server-side request forgery

Medium

$250 - $1,000

• Reflected XSS
• CSRF on non-critical functions
• Information disclosure
• Broken access control

Low

$100 - $250

• Security misconfigurations
• Missing security headers
• Cookie security issues
• Minor information disclosure

Note: Reward amounts are determined by severity, impact, and quality of the report. We reserve the right to adjust rewards based on these factors.

Program Scope

In Scope

Web Application: https://*.sentrynix.com
API Endpoints: https://api.sentrynix.com/*
Dashboard: https://app.sentrynix.com/*
Mobile Apps: iOS and Android applications
Browser Extensions: Chrome, Firefox, Edge

Out of Scope

Third-party services and websites
Vulnerabilities in outdated browsers or plugins
Social engineering attacks
Denial of Service (DoS/DDoS) attacks
Physical security issues
Issues requiring physical access to devices
Previously known vulnerabilities
Spam or phishing attacks

Eligibility

You must be the first person to report the vulnerability
The vulnerability must be original and previously unknown to us
You must follow our Responsible Disclosure Policy
You must provide clear steps to reproduce the vulnerability
You must not publicly disclose the vulnerability until it's been fixed
You must not be a current or former employee, contractor, or family member
You must comply with all applicable laws and regulations

How to Participate

Find a Vulnerability

Test our in-scope assets following responsible disclosure guidelines. Use your own test accounts.

Submit Your Report

Email us at security@sentrynix.com with:

Detailed description of the vulnerability
Steps to reproduce
Proof of concept (screenshots, code, etc.)
Potential impact assessment

We Investigate

Our security team will review your report, validate the vulnerability, and assess its severity and impact.

Get Rewarded

Once we've verified and fixed the vulnerability, we'll send you a reward based on severity. Payment via PayPal, bank transfer, or cryptocurrency.

Hall of Fame

With your permission, we'll add you to our Security Researchers Hall of Fame to recognize your contribution.

Hall of Fame

We're grateful to the following security researchers who have helped make SentryNix more secure:

Our Hall of Fame will be populated as we receive and validate security reports. Be the first to help secure SentryNix!

Program Rules

By participating in the SentryNix Bug Bounty Program, you agree to:

Follow all applicable local, state, national, and international laws
Not violate the privacy of our users or access their data
Not perform actions that could harm the availability of our services
Not exploit the vulnerability beyond what is necessary to prove it exists
Provide us exclusive opportunity to validate and fix the issue before disclosure
Allow us up to 90 days to remediate the issue before public disclosure
Cooperate with us throughout the investigation and remediation process

We reserve the right to modify or discontinue this program at any time. Reward decisions are final and at our discretion.

Ready to Get Started?

Start hunting for vulnerabilities and help us make SentryNix more secure. Read our disclosure policy and begin testing.

Read Disclosure Policy Contact Security Team

This Bug Bounty Program is subject to change. Last updated: 11/13/2025

Bug Bounty Program

Up to $10,000

Fast Response

Hall of Fame

Reward Structure

Critical

High

Medium

Low

Program Scope

In Scope

Out of Scope

Eligibility

How to Participate

Find a Vulnerability

Submit Your Report

We Investigate

Get Rewarded

Hall of Fame

Hall of Fame

Program Rules

Ready to Get Started?