Introduction:
At Spunky Development, the security of our digital services is a priority. We believe in collaborating with security researchers to identify and fix vulnerabilities. The Bug Bounty Program is designed to encourage this collaboration by rewarding individuals who responsibly discover and report security vulnerabilities to us.
Eligibility:
- The Bug Bounty Program is open to all security researchers, professional or amateur, regardless of age, nationality, or affiliation.
- Employees of Spunky Development and their relatives are not eligible to participate in the program.
- Anyone residing in a country subject to trade or economic restrictions with France is not eligible.
Reporting rules:
Vulnerabilities must be reported responsibly by email to bugbounty@spunky.dev, allowing Spunky Development a reasonable time to fix the issue before any information is publicly disclosed. Reports must be written in English or French and should contain a detailed description of the vulnerability, including the steps required to reproduce it.
Scope of the Program:
The following digital services of Spunky Development are included in the Bug Bounty Program:
- Web Applications: https://spunky.dev/
- CDN: https://cdn.spunky.dev/
- API: https://api.spunky.dev/
The following types of vulnerabilities are especially sought:
- Remote code execution.
- Privilege escalation.
- Sensitive data leakage.
- Authentication and authorization vulnerabilities.
- XSS, CSRF, and SQL injection vulnerabilities.
Exclusions:
The following items are excluded from the Bug Bounty Program:
- Vulnerabilities discovered via brute force or spam testing.
- Vulnerabilities requiring physical access to the victim's device.
- Security issues related to third-party software, unless these directly affect our services.
- Security issues found on outdated versions of our software or services.
- Reports containing insufficient information to clearly reproduce the vulnerability.
Rewards:
Rewards vary depending on the severity and impact of the reported vulnerability. Severity will be assessed using the CVSS (Common Vulnerability Scoring System). Rewards will be determined at the discretion of Spunky Development and can range from €10 to €500 or more for particularly critical vulnerabilities. Rewards will be paid via one of the following methods: PayPal, bank transfer, or cryptocurrencies (stablecoin).
Validation and payment process:
Each report will be reviewed by Spunky Development’s security team. If the vulnerability is confirmed, the reporter will be contacted to discuss the reward. Once the vulnerability is resolved, the reward will be paid within 30 days.
Privacy and data protection:
Spunky Development is committed to processing all personal information of Bug Bounty Program participants in accordance with its Privacy Policy. Personal information will only be used for program management and reward payments.
Program modification:
Spunky Development reserves the right to modify or cancel this Bug Bounty Program at any time, without prior notice. Changes will take effect upon publication on our website.
Contact:
For any report or question regarding this Bug Bounty Program, please contact us at bugbounty@spunky.dev.

