Rules of Participation
Participation in the program requires acting ethically, responsibly, and adhering to the rules. Be sure to read all the rules before you start discovering vulnerabilities.
Do not distribute information about the found vulnerability until it is fixed.
Use every effort not to harm our users and services (act in good faith).
Be sure to use your own accounts, phone numbers, etc. to conduct research. Do not try to access other people's accounts or any sensitive information. If you need account access to find vulnerabilities, you must use your own personal account.
If, during testing, personal data is inadvertently accessed by a the researcher, we strongly request that all information associated with them be deleted - including: connection codes, personal data, etc., after notifying us about it.
Use all necessary measures to avoid violations of the privacy and performance of other users, including unauthorized access to data, destruction of data, interruption or degradation of services, etc.
Automated scanning tools must have a limit of 5 requests per second (300 requests per minute) per target host and must not exceed the limit of 3 concurrent requests at the same time (5 threads).