Bugcrowd believes that hackers are the superheroes of the internet. Like any good superhero, there are some guardrails hackers have to stay within in order to keep protecting the citizens without causing too much chaos. We call those sets of rules our Code of Conduct. Our Code of Conduct will help guide the hacker community toward ethical, responsible, and harmonious behavior with organizations, Bugcrowd staff, and other hackers. It serves as a foundation for building trust, maintaining professionalism, and contributing to the positive development of our community.
To help hackers understand the outcome of violating the Bugcrowd Code of Conduct, we have outlined our Platform Behavior Standards. Our Platform Behavior Standards are in place to help the hacker community better understand unacceptable issues and behaviors on our platform. It also includes our Enforcement Action, which outlines what measures are taken when we become aware of an incident.
Platform Behavior Standard Categories
There are four Platform Behavior Standard Categories in the Bugcrowd Code of Conduct. They are:
- Disruptive testing
- Disruptive/aggressive behavior
- Disclosure threats
- Unauthorized disclosure
Here is a quick breakdown of the four categories.
Disruptive testing
Disruptive testing is a form of security testing where a hacker intentionally attempts to disrupt or impair the normal functioning of a system or network to identify vulnerabilities and weaknesses. The primary goal of disruptive testing is to simulate real-world scenarios in which an attacker might attempt to disrupt a system’s operations.
Disruptive testing is an issue when a hacker isn’t given explicit permission by the organization and causes harm to production systems or overloads them. When you bruteforce a system, you may negatively affect real-life environments or manipulate actual accounts of actual users.
Disruptive/aggressive behavior
Disruptive or aggressive behavior may include testing which causes a disruption for the program owner, spamming for updates in submissions, submitting a high volume of tickets to support, or using unprofessional language.
It’s important to speak professionally and kindly to program owners to build trust, establish clear communication, and minimize damage. Without these important expectations, you may lose hacking privileges with that organization, with Bugcrowd, or damage your reputation as a professional hacker.
Disclosure threats
Disclosure threats refer to situations where an individual threatens to disclose sensitive information or vulnerabilities unless certain demands are met.
We understand that this can be frustrating, but it’s important to come at these instances with a collaborative spirit. It’s ok to ask an organization if they are open to disclosure, but be understanding of whatever their response is. Oftentimes, findings are very sensitive for a company and it’s part of your arrangement with them to respect that.
Unauthorized disclosure
Unauthorized disclosure involves the release of sensitive information without permission. This could include the exposure of confidential data, trade secrets, or other proprietary information.
Similar to disclosure threats, unauthorized disclosures are a breach of trust with the organization and will lose you not only access to the Bugcrowd platform, but will also damage your reputation as a professional hacker.
Hacking with the Bugcrowd community is a fun, exciting, and most importantly, safe experience. In order to keep it that way, we ask that everyone operate within the Bugcrowd ethical framework designed to keep you, Bugcrowd staff, and customers safe and cared for. Unauthorized and malicious activities, such as disruptive or aggressive behavior, disclosure threats, and unauthorized disclosure, are against Bugcrowd policy and should be avoided at all times.
If you have any further questions about our Code of Conduct, our Platform Behavior Standards, or what they lead to, please don’t hesitate to contact Bugcrowd support by submitting a ticket through the Bugcrowd Support portal.
