Submit bug report: http://coinjar.com@GetCoinJar
A simple way to buy, sell and spend bitcoin. CoinJar is a next-gen personal finance account.
Policy
As part of our ongoing effort to keep your money safe and information secure, we run a bug bounty program. If you discover a security related issue in our software, we'd like to work with you to fix it and reward you for your assistance.
Rewards
We will award an amount in bitcoin on a case by case basis depending on the severity of the issue. Please note that we only award one bounty per bug.
Responsible disclosure
To be eligible for the bug bounty, you:
Must inform us before posting the exploit anywhere, and allow us sufficient time to patch the issue.
Can not exploit, steal money or information from CoinJar or its customers. If the exploit requires account access, you must use your own.
Must not defraud CoinJar or any of its customers.
If you are in doubt about anything, please email us with any questions at security@coinjar.com. Provided the above rules are followed, and you operate in good faith, we will not bring legal action against you.
Eligible bounties
Any software issue that results in the loss/compromise of data or money for CoinJar or any of its customers. The most common examples are:
Cross site scripting
Cross site request forgery
Remote code execution
Click jacking
Code injection
Leaks of sensitive data
Ineligible bounties
We can not reward bounties for things that are outside of our direct control, such as:
Social engineering
Physical access to hardware
Vulnerabilities in 3rd party software (Ruby, nginx, etc)
Denial of Service
Usability issues
How to report
If you have an issue to report, please send an email to security@coinjar.com. In your email, include as much detail about the exploit as possible and a Bitcoin address to send the reward to. Our Security Team will get back to you within three days.
Policy:
https://www.coinjar.com/bountyDomains
coinjar.com
*.coinjar.com
