Last updated: 2020-12-10
These activities are commonly prohibited by bug bounty programs. If you would like to exclude other activities, explicitly include them in the onboarding form.
An embargo period is a fixed period of time from when a bug is reported to when a bug reporter can publicly disclose it. Bug reporters must not publicly discuss or disclose the presence or details of a bug during the embargo period. Once the embargo period is over bug reporters will be free to publicly discuss and disclose the details of the bug they’ve found and any proof-of-concept exploits that they may have written to validate the bug.
Public disclosure is important to bug reporters’ reputations (some may wish to present their work at conferences) as well as to maintain confidence that the Immunefi platform does pay out its bounties.
Join our whitehat community and get notified when new bounties launch on the platform