Security Research Program

Help Us Secure The Digital World

Join our elite security research community. Find vulnerabilities, earn rewards up to $15,000, and help protect millions of users worldwide.

  • Total Paid Out: $250K+
  • Valid Reports: 150+
  • Avg. Response: < 24h
  • Hall of Fame: 48

Why Participate

More than just bounties

Competitive Rewards

Earn up to $15,000 per vulnerability with bonus multipliers for exceptional reports

Fast Response

We acknowledge reports within 24 hours and process payments within 14 days of validation

Recognition

Get featured in our Hall of Fame and receive exclusive researcher swag and certifications

Safe Harbor

Full legal protection for good-faith security research conducted within our guidelines

Community

Join an elite network of security researchers with access to private events and early programs

Direct Impact

Your findings directly protect millions of users and shape the future of digital security

Reward Structure

Payouts based on severity and impact

Critical

$10,000 - $15,000

  • RCE
  • Auth Bypass
  • Data Breach

High

$5,000 - $10,000

  • SQL Injection
  • Privilege Escalation
  • Sensitive Data Exposure

Medium

$1,000 - $5,000

  • Stored XSS
  • CSRF
  • IDOR

Low

$100 - $1,000

  • Reflected XSS
  • Info Disclosure
  • Rate Limiting

Bonus Multipliers

  • +25%: First Report of Type
  • +25%: Exceptional Detail
  • +50%: Working Patch Included
  • +100%: Vulnerability Chain

Program Scope

Assets and vulnerability types covered

In Scope

Assets

  • *.sindrx.com
  • API Endpoints
  • Mobile Apps
  • Auth Systems

Vulnerability Types

  • Remote Code Execution (RCE)
  • SQL/NoSQL Injection
  • Authentication/Authorization Bypass
  • Cross-Site Scripting (XSS)
  • Server-Side Request Forgery (SSRF)
  • Insecure Direct Object References (IDOR)
  • Sensitive Data Exposure

Out of Scope

Exclusions

  • Third-party services and integrations
  • Social engineering attacks
  • Physical security testing
  • Denial of Service (DoS/DDoS)
  • Automated scanning without permission
  • Testing on production user accounts
  • Spam or phishing campaigns

Non-Qualifying Issues

  • Missing security headers without impact
  • Self-XSS
  • CSRF on non-sensitive actions
  • Clickjacking without impact
  • Version disclosure

Rules of Engagement

Essential guidelines for responsible research

Look, Don't Touch

Access only what's necessary to prove the vulnerability. Never modify or delete data.

Protect Privacy

Never access, download, or store personal data of our users during your research.

Report Promptly

Submit your findings within 24 hours of discovery. Time is critical for security.

Keep It Confidential

No public disclosure until we patch and give you the green light (max 90 days).

Safe Harbor Policy

SindrX is committed to protecting security researchers who act in good faith. If you follow our rules of engagement, we pledge to not pursue legal action against you, work with you to understand and resolve issues quickly, recognize your contribution publicly (with your permission), and not report you to law enforcement for your research activities.

Our Commitment

Response time guarantees

  • Initial Response (< 24h): Acknowledgment with tracking ID
  • Triage Complete (< 72h): Severity assessment and validation
  • Resolution Update (< 14 days): Fix timeline communicated
  • Payment Processed (< 14 days): After validation complete

Submit a Vulnerability

Use this form for secure submission. For encrypted reports, include your PGP key.

Hall of Fame

Recognizing security researchers who help make SindrX safer for everyone.

Be the First

Our Hall of Fame is waiting for its first members. Submit a valid vulnerability report and earn your place among the security researchers who help protect our users.

Have Questions?

Our security team is here to help with any questions about the program.