Bug Bounty Code of Conduct
The Clean Exit Bug Bounty Code of Conduct is applicable to all professionals who undertake the Certified Bug Bounty Researcher program.
01 Interviews
Do not give media interviews or quotes on your findings or disclosures unless a formal CVE has been attributed or approval has been obtained by affected vendors for your research.
02 Social Media
Do not disclose your findings on any vulnerability, including a basic description, company or vendor affected, etc. unless more than 180 days have passed without active response by the affected vendor
03 No exploitation
Do not mislead customers, vendors, or any bug bounty platforms or download confidential data for exploitation or extortion of the affected party
04 Testing
Do not engage in disruptive testing that can impact the customer business or a production environment. Be responsible with your skills!
05 Misconduct
Do not engage in misconduct, unauthorized disclosure, offensive or abusive language, download personal information or engage in unethical behavior
06 Process
Respect the disclosure process and have patience while communicating. Adhere to non-disclosure terms and related terms and conditions of respective platforms