Scope

• NukeViet's open source project at https://github.com/nukeviet/
• NukeViet's websites and domains are not covered by this program

Qualifying vulnerabilities

Any design or implementation issue that substantially affects the confidentiality or integrity of user data is likely to be in scope for the program. Common examples include:

• Cross Site Scripting (XSS)
• Cross-Site Request Forgery (CSRF)
• SQL Injection (SQLi)
• Authentication related issues
• Authorization related issues
• Data Exposure
• Remote Code Execution
• Business Logic
• Mobile-specific API vulnerabilities

Non-qualifying vulnerabilities

Depending on their impact, some of the reported issues may not qualify. Although we review them on a case-by-case basis, for example:

• URL redirection
• Bugs requiring exceedingly unlikely user interaction
• Logout cross-site request forgery
• Flaws affecting the users of out-of-date browsers and plugins.
• Presence of banner or version information
• Email spoofing
• DDoS

Reward

As an open source software project, NukeViet does not award cash for findings, but we will honor researchers for contributions to the development of the project. Other rewards will be reviewed on a case-by-case basis.