We provide financial rewards to independent security researchers who find exploits in our systems. You must have a valid PayPal account to receive cash rewards.
Before you begin
- You should make a good faith effort to not leak or destroy data. *
- You should not make your exploit public knowledge until it has been resolved.
- You should be able to demonstrate and explain your exploit completely to one of our developers.
- You should not use scanners or automated tools as they are noisy.
* If you believe testing your exploit could cause harm to Whatbox or our customers, please contact our staff for access to an isolated server to test on. User privacy should be maintained as much as possible.
Due to the breadth of our infrastructure the security program has been divided categorically. Please visit the appropriate section for rules and reward information on the component you will be testing.
|Primary website||Security flaws on the whatbox.ca website|
|Distribution servers||(Coming soon) Security flaws affecting the *.whatbox.ca servers|