All the websites have open registration.
We are happy to announce our first bug bounty program! We've done our best to clean up most of our known issues and would now like to request your help to spot the ones we missed! We are specifically looking for:
- leaking of personal data
- account takeover
- ordering free items (and getting all the required confirmations so it is a successful order)
- access to backend resources
- access to internal APIs
For the sites in scope, please refer to the 'Domains' section. Please take into account the patterns (e.g. for www.intergamma.nl everything with prefixes is out of scope).
Third party components
We use various third-party components, for example in iframes (many of our configurators). Please note that these are managed by third parties. Feel free to submit any issue found there, but be aware that the severity and bounty will depend on the impact it has on our organisation. For example, if you can order free items due to an error in a third-party application, but the third party will reimburse Intergamma if this happens, we are not obliged to pay a bounty, but will consider it depending on the severity (since our name is on the wall).
Mobile apps
Next to our websites, our mobile apps are also in scope. Please note they have a big overlap in API calls and use a webview of the websites. Therefore many vulnerabilities present in the apps stem from the websites. That's why we would like you to focus on the websites, hence the lower tier for the apps for now!
Please note that we largely use the same backend for all our websites and apps. That means a vulnerability in one will, most of the time, be a vulnerability in all. Please submit it only once; we are not paying out for the same issue in different websites (or we have to cut our bounties in nine 😉).
We plan to regularly put new features in the spotlight that still need to prove themselves, so keep an eye on us or subscribe to our program to receive updates when we do!