To become a bounty manager will depend on the kind of bounty.

1- If it's a bounty related to crypto (project that is associated with crypto, or even a new crypto project)
You will need to have a bounty manager badge on https://www.altcoinstalks.com/
More details: https://www.altcoinstalks.com/index.php?topic=125822.0


2- If It's a bounty for a project none related to crypto.
Please subscribe to get the rank assigned automatically.
https://www.bountytalk.org/index.php?action=profile;area=subscriptions;

Please translate this post (to your language), so that you understand it well.

Users are approved by admin based on these criteria:

+ Bounty managers: These are the mangers of the forum bounty/advertising campaign.
There are 2 ways to be approved as bounty manager:
- Pay for the rank via our subscription system (valid for crypto and non crypto related bounties).
- For crypto related projects: option 2 is to have a bounty manager account on: https://www.altcoinstalks.com/

+ Bounty hunters: These are the people that wish to join a bounty campaign to earn money.

there are 3 types:
- Crypto bounty hunters
- General bounty hunters (none crypto)
- Bug bounty hunters



For signature bounties:
You apply on this forum to a bounty, and if accepted you get to display an ad in your profile signature on another forum.
Requirements:
- You must have a forum account on another site > you will need to provide it on registration.
- If you are joining crypto related bounties, you are also required to also join https://www.altcoinstalks.com/ , to be able to interact with the project's ANN and discussions.

For other bounties:
- You need to provide your social media profile on registration (the one you will use Facebook/instagram/twitter/ etc ..)
this will only be seen by the administration, and is needed to manually validate your subscription.

submit bug report: https://www.robeco.com/en/responsible-disclosure.html

Working on system security
Every day, specialists at Robeco are busy improving the systems and processes. This helps to protect the details of our clients against misuse and also ensures the continuity of our services. However, this does not mean that our systems are immune to problems. If problems are detected, we would like your help.

What can we expect from one another?
Report any problems about the security of the services Robeco provides via the internet. If you discover a problem or weak spot, then please report it to us as quickly as possible. Examples of vulnerabilities that need reporting are:

cross-site scripting vulnerabilities
SQL-injection vulnerabilities
encryption weaknesses
What do we expect from you?
Ensure that you do not cause any damage while the detected vulnerability is being investigated. Your investigation must not in any event lead to an interruption of services or lead to any details being made public of either the asset manager or its clients.

What do we do with your report?
A team of security experts investigates your report and responds as quickly as possible. We ask you not to make the problem public, but to share it with one of our experts. Give them the time to solve the problem. We will let you know what our assessment of your report is, whether we will provide a solution and when we plan to do that.

Rules of the game
There is a risk that certain actions during an investigation could be punishable. If you act in good faith, carefully and in line with the rules of the game supplied, there is no reason for Robeco to report you. So follow the rules as stated in these responsible disclosure guidelines and do not act disproportionately:

Do not use social engineering to gain access to a system.
Do not place a backdoor in an information system in order to then demonstrate the vulnerability, as this can lead to further damage and involves unnecessary security risks.
Make as little use as possible of a vulnerability. Only perform actions that are essential to establishing the vulnerability.
Do not edit or delete any data from the system and be as cautious as possible when copying data (if one record is enough to demonstrate the problem, then do not proceed further).
Do not introduce any system changes.
Do not try to repeatedly access the system and do not share the access obtained with others.
Do not use any so-called 'brute force' to gain access to systems. After all, that is not really about vulnerability but about repeatedly trying passwords.
How should you submit a report?
If you have detected a vulnerability, then please contact us using the form below.

What does not need to be reported via the disclosure point?
The disclosure point is not intended for:

submitting complaints about services
making fraud reports and/or suspicions of fraud reports from false mail or phishing e- mails
reporting viruses
submitting complaints or questions about the availability of the website

submit bug report: desk.com/help-center-closed/?utm_source=helpcenter-closed&utm_medium=poweredbyzendesk&utm_campaign=text&utm_content=onfo.zendesk.com


Champions of customer service
OUR PRODUCTS
Zendesk for service
Zendesk for sales
Sunshine Platform
Marketplace
Product updates
TOP FEATURES
Ticketing system
Messaging & live chat
Help center
Voice
Community forums
Reporting & analytics
Answer Bot
Customer service software
Ticketing system software
Live chat software
Knowledge base
Forum software
Help desk software
Workforce management
RESOURCES
Security
Product support
Request a demo
Blog
Training
Partners
Webinars
Customer Stories
Services
COMPANY
About us
Newsroom
Investors
Events
Careers
Diversity & Inclusion
Accessibility Plan
Sustainability
Contact us
Sitemap
System status
Zendesk Foundation
Legal
FAVORITE THINGS
What is Zendesk
Zendesk for Enterprise
Zendesk for Small Business
Zendesk for Startups
Zendesk Benchmark
Gartner CRM Magic Quadrant
Customer Experience Trends
What is CRM?
CRM software guide
Join our research panel

submit bug report: https://nextcloud.com

We're inviting researchers all over the globe to take a look at Nextcloud and bring it's security to the next level. If you're interested in learning how we handle security you can read more about it on our dedicated security page.
Program policy
We know how valuable your time is and employ a "No bullshit policy" that boils down to: Don't be a jerk. Instead of bothering you with a huge list of exclusions we're going to tell you what we're especially looking after:
Bugs within Nextcloud server and apps supported by Nextcloud GmbH (Note: see scope below for all qualifying and packaged components. Third-party apps from the AppStore are not part of our bounty program.)
Bugs within the mobile iOS and Android sync clients
Bugs within the desktop sync clients for Mac, Windows, and Linux
A bug is for us something that actively allows an attacker to escalate their privileges. Something like "Attacker can delete arbitrary files of other users" is fine, "Missing X-Frame-Options on the download servers" not so much. At the moment we are also considering Denial of Service not a reward worthy vulnerability. (we will acknowledge you though!)
Found a security bug in one of the above-mentioned components? Awesome! Just report it here and we will get back to you. These components are also for what monetary rewards are awarded. Bonus points if you check back with our threat model before.
Found a bug in one of our websites or so? While we can't offer you any monetary reward we will acknowledge the issue and happily accept reports for it via this platform as well. But please do not run any Denial of Service attacks against our infrastructure or extract user data. Please do also refrain from using automated testing tools against our infrastructure or disclosing bugs to other parties before we have published a patch.
We believe in transparency about our security, so any valid vulnerabilities discovered are always publicly disclosed after a grace period.
Rewards
Our rewards are based on severity and range up to $10,000. To give you some guidance we have compiled below list:
Impact   Definition   Highest possible reward
Critical   Gaining remote code execution on the server as a non-admin user. (i.e. RCE)   $10,000
High   Gaining access to complete user data of any other user. (i.e. Auth Bypass)   $4,000
Medium   Limited disclosure of user data or attacks granting access to a single users' user session. (i.e. XSS with CSP bypass)   $1,500
Low   Very limited disclosure of user data or attacks involving a very high unlikely amount of user interaction.   $500
Last updated on August 3, 2021.
View changes
Looking for what's in scope? Check out the new Scope tab above.