At Secuna, every bug has a severity level assigned based on the security impact. To help you decide which security vulnerabilities should be resolved first, Secuna has the following types of severities:
- Critical Severity - A vulnerability whose exploitation could allow remote code execution without user interaction. Exploitation likely results in a root-level compromise of servers or infrastructure devices.
- High Severity - A vulnerability whose exploitation could allow access to user’s information without authorization. Exploitation could result in elevated privileges, significant data loss, or downtime.
- Medium Severity - A vulnerability requiring user privileges to be exploited successfully. Exploitation would require the attacker to manipulate individual victims using social engineering tactics, reside on the same local network as the victim, or set up denial-of-service attacks. Often only very restricted access is available.
- Low Severity - Low-range vulnerabilities typically have minimal effect on an organization’s business.

For companies running a Bug Bounty Program on Secuna, we created these bug bounty rates that you may follow to reward the valid submissions of security researchers based on the severity of their reports.
For startup companies (referred to as “Startups”), we recommend a minimum of $100 USD for low severity vulnerabilities.
Severity | Starter | Standard | Superior |
---|---|---|---|
Low | $100 USD | $300 USD | $500 USD |
Medium | $300 USD | $500 USD | $750 USD |
High | $500 USD | $750 USD | $1,000 USD |
Critical | $1,000 USD and up | $1,500 USD and up | $2,000 USD and up |
Please note that you can award any bounty you want, but it must be bigger than the default bounty for the report's severity. Additionally, we add a 20% fee to each awarded bug bounty for payment processing.