Bug Bounty Program

Closed!

🔔 Bug Bounty Program Update
Thank you to researchers who have submitted findings and contributed to strengthening our platform’s security. We’ve received a high volume of reports—many for the same vulnerabilities—and need time to review them thoroughly.
As a result, we are not accepting new submissions until March 25, 2026. Please note that any submissions sent before that date will not be reviewed or responded to.
We truly appreciate your effort, time, and commitment to responsible disclosure, and we look forward to reopening the program on that date.

 

At Octerra, we prioritize the security and integrity of our software and the safety of our users. To ensure our platform remains robust and resilient, we invite security researchers, ethical hackers, and anyone with a knack for finding vulnerabilities to participate in our Bug Bounty Program. Your efforts help us maintain the highest standards of security, and we value your contribution immensely. To register as a good-faith security researcher, please submit requests to security@octerra.com.

Third-Party Bugs

If issues reported to our Bug Bounty Program affect a third party, an external project, or another vendor, Octerra reserves the right to forward details of the issue to that party. We will do our best to coordinate and communicate with researchers throughout this process.

Responsible Disclosure Submission Guidelines

We will investigate legitimate reports and make every effort to correct any vulnerability. To ensure a smooth and effective process and encourage responsible reporting, please follow these guidelines when submitting your findings:

  1. "Responsible Disclosure": Add these words to the subject of your email so that we don't miss your submission. 
  2. Detailed Report: Provide a clear and concise description of the vulnerability, including steps to reproduce and validate the issue. Be sure to include things like your browser/user agent, the target URL and your proposed mitigation/solution.
  3. Proof of Concept: Include necessary code, screenshots, and videos that demonstrate the vulnerability.
  4. Impact Assessment: Explain the potential impact of the vulnerability and how it can be exploited.

We further ask that you:

- Do not exploit the vulnerability beyond what is necessary to confirm its existence.

- Do not disclose the vulnerability publicly.

- Do not modify or access data that does not belong to you.

- Respect user privacy and data confidentiality during your testing.

Rewards

We may offer a reward based on the severity and impact of the reported vulnerability. Rewards are granted at the discretion of the Octerra security team, based on the impact and quality of the report as assessed by our experts. If multiple participants report the same vulnerability, we will recognize the first submission received when determining eligibility for any potential reward.

How to Submit

Please submit your vulnerability reports via our dedicated security email: security@octerra.com. Ensure that your report is encrypted if it contains sensitive information. We will acknowledge receipt of your report within 3-5 business days and provide regular updates as we investigate and address the issue. It may take up to 180 days for the review/investigation process to be completed.

Legal

Your participation in the Bug Bounty Program must adhere to our Terms of Use and Privacy Policy and may require the signing of a Non-Disclosure Agreement. Any activities that are illegal, violate user privacy, or disrupt our services will disqualify you from receiving a reward and may result in legal action.

Contact Us

If you have any questions about the Bug Bounty Program or need further clarification, please reach out to our security team at security@octerra.com.

Thank you for helping us keep Octerra secure!