Information Sharing and Analysis Center

Information Sharing and Analysis Center

An international non-profit, solving large problems impacting the connected, digital world on cyber security.

Bug Bounty Code of Conduct

The Clean Exit Bug Bounty Code of Conduct is applicable to all professionals who undertake the Certified Bug Bounty Researcher program.

01  Interviews

Do not give media interviews or quotes on your findings or disclosures unless a formal CVE has been attributed or approval has been obtained by affected vendors for your research.

02  Social Media

Do not disclose your findings on any vulnerability, including a basic description, company or vendor affected, etc. unless more than 180 days have passed without active response by the affected vendor

03  No exploitation

Do not mislead customers, vendors, or any bug bounty platforms or download confidential data for exploitation or extortion of the affected party

04  Testing

Do not engage in disruptive testing that can impact the customer business or a production environment. Be responsible with your skills!

05  Misconduct

Do not engage in misconduct, unauthorized disclosure, offensive or abusive language, download personal information or engage in unethical behavior

06  Process

Respect the disclosure process and have patience while communicating. Adhere to non-disclosure terms and related terms and conditions of respective platforms