Rewards
In the event that a vulnerability report is accepted by NIIS, a bounty will be paid out in accordance with the assessed risk and impact of the finding. Each report will be individually evaluated by NIIS’ triage team and will be assigned a bounty based on these factors.
The following table provides the bug classes and their corresponding bounty. Note that that the reward for an individual submission may be higher or lower than the amounts listed below based on the assessed impact.
Severity | Bounty payout |
|---|---|
Low | Up to 500 € |
Medium | Up to 1500 € |
High | Up to 3000 € |
Vulnerability reports are submitted to the X-Road Service Desk using the Bug Bounty request type. In order to access the X-Road Service Desk, sign up for an account.