Security Vulnerability Disclosure Program

Last Updated: Jul 3, 2021

Report Security Issues

If you’ve discovered a potential security vulnerability on hugnana.com, we appreciate your help in responsibly disclosing it.

To Report:
📧 Email: [email protected]
🔒 Subject Line: “Security Vulnerability Report – [Brief Description]”

Note: This program covers hugnana.com systems only. Third-party services are excluded.


Responsible Disclosure Guidelines

By participating, you agree to:

  1. No Harm
    • Avoid unauthorized data access/destruction
    • Do not exploit the vulnerability (e.g., exfiltrate data, disrupt services)
  2. Privacy Protection
    • Never interact with user accounts without explicit owner consent
  3. Disclosure Timeline
    • Allow 90 days for remediation before public disclosure
  4. Legal Safe Harbor
    • We will not pursue legal action against researchers acting in good faith

Bounty Program Eligibility

Rewards are granted at our discretion based on:
✔ Vulnerability impact (see tiers below)
✔ Quality of report (steps to reproduce, evidence)
✔ First report only, where duplicate reports are received

Exclusions:

  • Vulnerabilities requiring physical access/phishing
  • Theoretical issues without PoC
  • Low-risk UI/UX bugs

Reward Tiers

Severity              | Examples                             | Max Reward
Critical ($200)       | Remote code execution, SQL injection | $200
High ($100)           | Auth bypass, stored XSS              | $100
Medium ($50)          | CSRF, logic flaws                    | $50
Low (Acknowledgement) | Open redirects, minor info leaks     |

Submission Requirements

Include in your report:

  1. Vulnerability description
  2. Affected URLs/system components
  3. Step-by-step reproduction guide
  4. Proof of concept (screenshots/videos)

Response Protocol

  1. Acknowledgment: Within 3 business days
  2. Assessment: Verification within 14 days
  3. Resolution: Patch timeline communicated
  4. Reward: Paid via PayPal within 30 days of fix

Contact Our Security Team

🛡️ Dedicated Security Email: [email protected]
📞 Emergency: +84867345640 (24/7 for critical issues)

We continuously update this policy. Please check back for changes.