Community Guidelines for Ethical Hackers ("Whitehats")
OpenBounty believes ethical hackers (“Whitehats”) play a crucial role in identifying and mitigating vulnerabilities before they can be exploited by malicious actors. The contributions of ethical hackers are vital to maintaining the security and integrity of protocols and the broader web3 community. We see the relationship between Whitehats and the web3 community as an unspoken agreement, and it is imperative that ethical hackers adhere to a set of community guidelines to ensure their activities are conducted in a legal, ethical, and professional manner.
These community guidelines have been created to establish a clear framework for ethical hacking practices. By outlining proper behavior, specific rules, and procedures for escalating support issues, we want to foster a culture of respect, responsibility, and continuous improvement within the cybersecurity community. Adherence to these guidelines not only protects the interests of all parties involved but also strengthens the overall security posture of the web3 ecosystem.
Why are these guidelines important?
These guidelines are important for several reasons:
- Protection of Privacy and Data: They ensure that the privacy and confidentiality of individuals and organizations are respected and protected.
- Legal and Ethical Compliance: They help ethical hackers operate within the bounds of the law and adhere to ethical standards, thus avoiding legal repercussions and maintaining professional integrity.
- Minimization of Unnecessary Harm: They guide ethical hackers to avoid causing unnecessary harm or disruption to systems, networks, and data during their activities.
- Responsible Vulnerability Disclosure: They promote responsible disclosure practices, enabling system owners to address vulnerabilities effectively and in a timely manner.
- Professionalism and Respect: They foster a professional and respectful environment within the cybersecurity community, encouraging collaboration and the sharing of knowledge.
OpenBounty Community Rules
- Respect Privacy and Confidentiality
  - Do not access or attempt to access personal data without explicit permission.
  - Respect the privacy of users and refrain from disclosing any personal information or vulnerabilities publicly without consent.
- Obtain Proper Authorization
  - Always seek explicit permission from the owner of the system or network before conducting any testing or ethical hacking activities.
  - Ensure written consent is obtained and documented before proceeding.
  - Respect the specifics of “In-scope” and “Out-of-scope” in the Bug Bounty program.
- Follow Legal and Ethical Standards
  - Adhere to all relevant local, national, and international laws.
  - Conduct all activities with honesty, integrity, and professionalism.
  - Avoid any activities that could be considered illegal, unethical, or malicious.
- Use Responsible Disclosure Practices
  - Follow responsible disclosure protocols for reporting vulnerabilities.
  - Report findings directly to the appropriate party (e.g., system owner, security team) in a timely and responsible manner.
  - Provide sufficient detail to allow for the vulnerability to be understood and addressed. A Proof of Concept is always recommended.
- Protect Systems and Data
  - Avoid causing harm or disruption to systems, networks, protocols or data.
  - Use the minimum amount of testing necessary to identify vulnerabilities.
  - Take steps to prevent data loss or corruption during testing.
- Maintain Professionalism
  - Communicate clearly and professionally with the project security teams and other stakeholders.
  - Refrain from using offensive language or making threats.
  - Respect the opinions and contributions of others in the cybersecurity community.
- Continuous Learning and Improvement
  - Stay updated with the latest security trends, vulnerabilities, and best practices.
  - Engage in continuous learning and professional development.
  - Share knowledge and insights with the community to help improve overall security awareness.
- Escalating Support Issues
  - If a critical vulnerability is discovered that requires immediate attention, escalate the issue to the appropriate authority as quickly as possible.
  - Provide detailed documentation and evidence to support the escalation.
  - Follow up to ensure the issue is being addressed and offer further assistance if needed.
- Respect Community Rules and Guidelines
  - Abide by the rules and guidelines set forth by any platforms, forums, or communities you participate in.
  - Avoid engaging in behavior that could be disruptive or harmful to the community.
- Report Misconduct
  - If you observe any unethical or illegal behavior within the community, report it to the appropriate authorities or community moderators.
  - Provide as much detail as possible to assist in the investigation.
Purposely or intentionally violating any of these guidelines will lead to removal from the OpenBounty platform.