Bug Bounty Program

  1. The Bug Bounty program incentivizes security research or identification of bugs for our products except for approaches relying on phishing, social engineering, or similar techniques. Bounty awards are granted solely at our exclusive discretion and are subject to Lithero policies and these terms and conditions. The Bounty program does not extend to third-party services although we will consider rewards for nonpublic reports relating to services used by Lithero. These are reports only and we do not endorse attempted hacking on third party services.
  2. Harassing, threatening, or unlawful messages are a violation of our policies. Any such messages may be reported to law enforcement.
  3. You must not disrupt, compromise, inappropriately access, store, or damage: a. Data or property (including a device) that you do not own, unless the data or property owner has given you express, written consent to disrupt, compromise, or damage the data or property; or b. Lithero services products in a manner that may affect other users. Adverse effects solely impacting you are allowed.
  4. For a reported security vulnerability to be eligible for a bounty award, you must not disclose it to anyone other than Lithero until after the reported security vulnerability has been patched.
  5. For avoidance of doubt, participants may only attempt to copy, decompile, reverse engineer, disassemble, attempt to derive the source code of, decrypt, modify, or create derivative works from a Lithero product during good-faith security research, which was — or was intended to be — responsibly reported to Lithero. Neither the actions nor the participant may otherwise violate or exceed the scope of these terms and conditions.
  6. You must comply with all applicable laws (including directives, regulations, and ordinances), including those of the country or region in which you reside or in which you download or use Lithero’s products.
  7. Bounty awards may not be paid to you if you are in any U.S. embargoed countries or on the U.S. Treasury Department’s list of Specially Designated Nationals, the U.S. Department of Commerce Denied Person’s List or Entity List, or any other restricted party lists.
  8. To be considered for a reward, bugs must be the first report via email to security@lithero.com with sufficient details to enable an engineer to replicate the bug
  9. You are responsible for the payment of all applicable taxes.
Update cookies preferences