Bug Bounty Program

Help Us Improve: Reporting Bugs and Vulnerabilities

At Alive5, we acknowledge that even the best of us can make mistakes. That's why we welcome your assistance in identifying and reporting any bugs or vulnerabilities you come across. To report such issues, kindly send an email to security@alive5.com and provide the following details:

  • A description of the identified vulnerability.
  • A step-by-step guide on how to exploit the vulnerability.
  • You MUST include your credentials: name and a link to your LinkedIn or HackerOne account.

Earn cash rewards up to $300

or company swag!

When you report a bug to us, we are committed to promptly investigating and addressing it. Our response time is set at a maximum of 14 business days. The reward you receive for your bug report will vary based on the severity of the vulnerability.

Contact Us

Where to Start

Applicable Domains/Sites

Contact Us

Vulnerability Severity Levels

Low

Vulnerabilities with a lower likelihood of exploitation, potentially leading to minimal compromise of resource confidentiality, integrity, or availability in rare scenarios.

These vulnerability types demand unusual conditions for successful exploitation and, if compromised, result in minimal consequences.

They exhibit susceptibility to external, uncomplicated, single-actor, logic-based attacks, causing minor performance degradation in critical systems or products.

Medium

These vulnerabilities may pose a challenge for exploitation, yet they still carry the potential for compromising resource confidentiality, integrity, or availability in specific situations.

These vulnerabilities, while possessing the potential for critical or high impact, are less susceptible to exploitation based on a technical assessment of the flaw, particularly when targeting unlikely configurations.

They exhibit vulnerability to external, straightforward, single-actor, logic-based attacks that can lead to measurable performance degradation in one or more critical systems or products.

High

Vulnerabilities capable of jeopardizing the confidentiality, integrity, or availability of both production and corporate resources and data.


Vulnerabilities susceptible to exploitation by internal and/or external attackers, whether authenticated or not, which can result in system compromise or exposure of highly sensitive customer data without user interaction.


Vulnerabilities that grant local users the ability to escalate their privileges.

Vulnerabilities that enable unauthenticated remote users to access sensitive information.

Predisposition to external, uncomplicated, single-actor, logic-based attacks leading to significant performance degradation in one or more critical systems or products.

Critical

Vulnerabilities with the potential to jeopardize the confidentiality, integrity, or availability of production and corporate resources or data, often with minimal exploitation complexity and attacker expertise.

Vulnerabilities susceptible to easy exploitation by remote or unauthenticated attackers, leading to system compromise or exposure of highly sensitive customer data, all without any user interaction.

Successful exploitation of a vulnerability that leads to a complete compromise of servers or infrastructure devices at the root level.

Terms and Conditions

We will test the bug and respond to you within 14 business days. Depending on the severity of the vulnerability, you will receive company swag or a cash reward of between $30 and $300 contingent of the requirements listed:

Requirements:

  • Vulnerabilities must be found on the above 'Applicable Domains/Sites'.
  • A description of the identified vulnerability.
  • A step-by-step guide on how to exploit the vulnerability.
  • You MUST include your credentials: name and a link to your LinkedIn or HackerOne account.
  • Vulnerability must not have already been addressed by a previous bug bounty.
Share by: