Frequently Asked Questions (FAQ)
1) Why are you guys doing this?
- We now live in the digital age and Information Security plays a very important role in the development of Information Technology. Enhancing such capability is essential to nation's security and economic well-being. We have observed that numerous online assets within our nation are at risk of being hacked and as such, we would like to help out as much as we can even if that means a tiny push for our national development.
2) How does it work?
- Simple. Hunter searches for security flaws within the registered companies' defined scopes. Discovered vulnerabilities are then documented and submitted for verification by the triage team. The triage team validates the submissions and decides the severity and score the risk level. Organisation fixes the affected component and reward the hunter with monetary incentive or swag if eligible.
3) Isn't this the same as HackerOne or Bugcrowd etc?
- In short, very much similar, however, we do not treat this as a business and we do not operate this with an intention of making money. Also, we open this solely for local hackers and businesses from Myanmar.
4) How are you guys operating this despite having full time jobs?
- As you can reckon, we are sacrificing our own free time to ensure we run this platform successfully. Therefore, please expect some delay in our responses but we will try our best to get back to you as soon as we can.
1) Will we always receive monetary rewards?
- We try to encourage the organisations to issue rewards that truly reflect your commitment, energy, and effort that you have put in. However, we leave that to the organisations to decide. We will clearly display on our platform the type of reward that they have agreed.
2) What do you expect from us - hackers?
- Clearly shown steps and well documented report. This will help us to verify your submission quickly.
- Mutual respect. We respect your effort and dedication, similarly, please try to put yourself in our shoes as well.
- Your tone. We all are professionals and we should stick to our standard.
3) Which language do I use to file the reports?
- You may use Burmese or formal English but strictly no Burglish. Please try your best to write and describe the steps you took in a clear manner so that we can verify it quickly.
4) What is RTFM?
- Google it. Read the scope carefully before you proceed with the testing. Please be aware of "Dos and Don'ts".
5) How can I receive monetary rewards for valid submissions?
- We will do ATM transfer to your bank account. If it is not applicable, we will contact you and ask for your preferred method.
6) How can I reach out for technical support?
- You will be invited to our Slack channel once your account is verified. You can then ask us there or email us.
7) How long does it take to triage valid submissions?
- Within 48 hrs.
8) Can I file a report if I found the bug on this platform itself?
Definitely. We encourage you to do so as well. Your effort will be appreciated and you will be rewarded.
9) Can I report anything I want?
- It is actually up to the defined scopes by the organisations. Please read the scope and policy carefully before you proceed with the testing.
10) Am I allowed to talk publicly about the programs and blog about my findings?
- You are not allowed to talk about the programs publicly for obvious reasons. Your account will be blocked when we find out about such cases. You may, however, blog about your findings without disclosing the program's name only when you have explict permission from the organisation. It's between you and the organisation, and we do not hold any responsibility for any consequences of your actions.
1) I am interested. How do I register my organisation?
- Please contact us via Facebook messenger or email. We will then explain our formal registration process.
2) Why do I need this?
- Does your business rely on systems such as network, infrastructure, website or mobile application etc? If your answer is 'Yes', securing your digital assets could bring more benefits to your businesses with the trust of your consumers. We are here to build a bridge for your business and local hackers to help secure your digital assets. Please contact us for more details.