Rewards

In the event that a vulnerability report is accepted by NIIS, a bounty will be paid out in accordance with the assessed risk and impact of the finding. Each report will be individually evaluated by NIIS’ triage team and will be assigned a bounty based on these factors.

The following table provides the bug classes and their corresponding bounty. Note that that the reward for an individual submission may be higher or lower than the amounts listed below based on the assessed impact.

Severity

Bounty payout

Severity

Bounty payout

Low

Up to 500 €

Medium

Up to 1500 €

High

Up to 3000 €

Vulnerability reports are submitted to the X-Road Service Desk using the Bug Bounty request type. In order to access the X-Road Service Desk, sign up for an account.