Security Disclosure Policy
At Nullforge, we believe security isn’t a one-sided game — it’s a constant collaboration between defenders, builders, and the global hacker community. Every system has its weaknesses, and by working together with ethical hackers and security researchers, we aim to uncover and fix vulnerabilities before they can be exploited by malicious actors.
As a way of recognizing your skill, dedication, and contribution to keeping our systems secure, we offer exclusive Nullforge Swag, public recognition through our Hall of Fame, and collectible Bug Bounty Badges. Each valid submission not only strengthens our defenses but also helps you build your reputation as part of the Nullforge security community.
What We’re Looking For
We invite you to test and assess:
• Nullforge Hive Platform (private bounty - by invite only)
• Nullforge Main Website (www.nullforge.net)
• Nullforge Blog (blog.nullforge.net)
We’re especially interested in vulnerabilities such as:
• Remote Code Execution (RCE)
• Authentication Bypass
• Privilege Escalation
• Sensitive Data Exposure
• Business Logic Flaws
Bounty
| Severity | Reward |
| --- | --- |
| Critical | Premium Nullforge Swag + Hall of Fame + Virtual Badge |
| High | Swag Pack + Hall of Fame + Virtual Badge |
| Medium | Hall of Fame + Virtual Badge |
| Low | Hall of Fame + Virtual Badge |
| Informational | Hall of Fame + Virtual Badge |
Badge System
Every valid report contributes to your badge progression:
Explorer
Submit your first valid web vulnerability report.
Trooper
Submit 10 valid web vulnerability reports.
Raider
Submit 30 valid web vulnerability reports.
Hydra
Submit 50 valid web vulnerability reports.
Centurion
Submit 100 valid web vulnerability reports.
Paladin
Submit your first critical severity vulnerability (e.g., RCE, full account takeover).
Hornet
Submit valid reports every month for 6 consecutive months (consistency streak).
Talon
Successfully submit a valid exploit chain combining 2 or more vulnerabilities.
Vanguard
Rank in the top 5% of all Nullforge researchers for 2 consecutive quarters.
Spectre
Submit a valid zero-day vulnerability not previously reported in public sources.
Overlord
Maintain 90% or higher acceptance rate across 20+ submitted reports.
Sentinel
Submit reports that directly result in major security architecture improvements.
Warden
Actively collaborate with the Nullforge security team on vulnerability management for at least 12 months.
Anvil
Achieve excellence across all categories: volume, severity, consistency, collaboration, and mentorship.
Obsidian
Uncover an entirely new vulnerability that bypasses previously implemented mitigations.
Elite
Reach the ultimate level of contribution and impact across the entire Nullforge Bug Bounty Program.
Rules of Engagement
To keep the hunt fair and safe:
• Stay within scope.
• Do not access, modify, or delete data that isn’t yours.
• Avoid service disruption (no DoS or spam attacks).
• Work responsibly and ethically — Safe Harbor applies.
Safe Harbor
We stand behind good-faith security research. If you follow the program rules, you are authorized to test and report without fear of legal action.