Overview
At Cetbix Ltd, the security and integrity of our applications and the safety of our users are paramount. To strengthen our cybersecurity posture, we are excited to launch the Cetbix Bug Bounty Program. This program invites security researchers and ethical hackers to responsibly discover and report potential security vulnerabilities in our systems.
Purpose
The primary goal of this Bug Bounty Program is to encourage responsible vulnerability disclosure, allowing us to proactively identify and remediate security issues before they can be exploited by malicious actors. We value the contributions of the global security community and offer rewards commensurate with the severity of the vulnerabilities discovered.
Scope
The following assets are in scope for this program:
Cetbix official websites and web applications (e.g., cetbix.com)
Public APIs provided by Cetbix
Mobile applications published and maintained by Cetbix Ltd on platforms like iOS and Android. Testing should focus on client-side vulnerabilities, authentication, data storage, and communication security.
Related backend systems under Cetbix ownership
The following are out of scope:
Third-party services or integrations not maintained by Cetbix
Social engineering, phishing, or physical intrusion attempts
Denial of Service (DoS) attacks that impact availability without identifying exploitable vulnerabilities
Related infrastructure not owned by Cetbix
Vulnerabilities Covered
We focus on identifying security issues that could critically impact our systems and users. Examples of critical vulnerabilities covered include:
Remote Code Execution (RCE)
SQL Injection (SQLi)
Cross-Site Scripting (XSS)
Privilege Escalation
Insecure Direct Object Reference (IDOR)
Server-Side Request Forgery (SSRF)
Authentication Bypass
Business Logic Flaws
Security Misconfiguration
Broken Access Control
Sensitive Data Exposure
Cross-Site Request Forgery (CSRF)
XML External Entity (XXE) Injection
Insecure Deserialization
API vulnerabilities
Reports of these vulnerabilities help us prioritize and respond swiftly to protect our ecosystem.
How to Submit a Report
Please submit all vulnerability reports securely through our dedicated email: bounty_team@cetbix.com. 
Alternatively, we support encrypted submission—contact us for the necessary encryption keys.
When submitting your report, please include:
A clear description of the vulnerability
Steps to reproduce the issue, including relevant URLs and payloads
Impact assessment and potential risks if exploited
Supporting evidence such as screenshots, logs, or proof-of-concept code
Reward Structure
Rewards will be issued based on the severity and impact of the vulnerability:
| Severity | Reward |
| --- | --- |
| Critical | $40 - $50 |
| High | $30 - $40 |
| Medium | $10 - $30 |
| Low | Recognition only |
Only test systems listed as in scope.
Do not disrupt service or impact other users during testing.
Respect user privacy and confidentiality.
Avoid duplicate reports; disclose new and valid issues only.
Cease testing immediately if you encounter sensitive user data.
Reports that violate laws or ethics will be disqualified.
Legal Safe Harbor
Researchers who participate in this program and follow the outlined rules will be protected from legal action by Cetbix Ltd concerning their authorized testing activities under this program.
Program Update Commitment
We commit to acknowledging your reports promptly and to keeping you informed during the verification and remediation process.
Thank you for helping us keep Cetbix safe and secure.