Bug Bounty programs

6ix IT launch this bug bounty program to improve global security over the Internet. Privacy and personnal data becomes more and more sensitive, that's why we offer this bug bounty program platform.

As a company you can offer as much bug boutny programs (and rewards) as you want. Describe your application and what part you want to be tested. Code source analysis, pentest or malwar analysis (reverse enginnering), just setup your needs. The CrowdSec community will handle it and start to finds bugs.

Responsible Disclosure Policy

If you found a security vulnerability on any bug bounty program presented on this platform, we highly encourage you to let us know, by privately disclosing theses informations using our platform.
We consider the data privacy our highest priority.
To make sure we and the company fully understand the reported vulnerability, please include as much information in your description as possible, and list a way to reproduce the issue in your email.

Do not make your research or findings public or share them with third parties, before the company deploy a fix for the reported vulnerabilities.

Upon receipt of your report we will send you a confirmation within 48 hours on a business day. Please allow a reasonable time for us to investigate your findings and take the appropriate measures. Always ensure to act in good faith towards our customers’ data and avoid any privacy violations in the course of your research and disclosure. Crowdsec do not tolerate the unauthorized modification, destruction of users data, interruption or degradation of our customers services.

White hat researchers are obviously welcomed; Crowdsec and company will not take legal action against you or your account as long as you comply with our policy of responsible disclosure.

To participate on any Crowdsec program, you must:

Reside in a country not under any current U.S. Sanctions (e.g., North Korea, Libya, Cuba, etc.)

Our security team will review each bug to determine if it qualifies.