We take the security of our systems seriously. We value organizations working together with the security researcher community.
Guidelines - We require that all researchers:
Perform research only within the scope set out below.
Make every effort to avoid privacy violations, degradation of user experience, disruption to production systems, and destruction of data during security testing.
Keep information about any vulnerabilities discovered confidential until we have had  days to resolve the issue with the corresponding organization.
If you follow these guidelines when reporting an issue to ZrocCyberSec™, we commit to:
Not take or support any legal action related to your research.
Work with you to understand and resolve the issue quickly (including an initial confirmation of your report within 72 hours of submission).
Scope - the following test types are allowed
Out of scope - the following test types are not allowed
Social engineering and Phishing against users, company staff, etc.
Vulnerabilities that can easily be found with automated scanners .
Any service hosted by 3rd party providers are excluded from scope (eg. CRM software, etc)
Researchers are only paid for verified, original findings.
Researchers do not get paid for their time or for findings that another researcher already reported.
So, only unique, valid vulnerabilities you report to us are eligible for payments.
Bounty payments typically happen either after the vulnerability is confirmed, or after it is fixed by the corresponding organization.
When it is determined that the researcher has reported a valid vulnerability, they
can be paid the appropriate amount - as adverstised - for the criticality of the vulnerability through ZrocCyberSec™ platform.
 After bug confirmation the researcher provides bank account details for payments, less platform fees.
 Platform fee is 30% of vulnerability payout amount.
 Terms and conditions apply - read the docs!