In the event that a vulnerability report is accepted by NIIS, a bounty will be paid out in accordance with the assessed risk and impact of the finding. Each report will be individually evaluated by NIIS’ triage team and will be assigned a bounty based on these factors.
The following table provides the bug classes and their corresponding bounty. Note that that the reward for an individual submission may be higher or lower than the amounts listed below based on the assessed impact.
Severity | Bounty payout |
|---|---|
Low | Up to 500 € |
Medium | Up to 1500 € |
High | Up to 3000 € |