Vidio invites you to test and help secure our applications - focusing on our mobile and web application. We appreciate your effort and hard work in making us more secure, and and we are looking forward to be working with you to make this a meaningful and successful bug bounty program. Good luck and happy hunting!
If you suspect any online security issues in our systems, you can send an email directly to our security team at security [at] kmklabs.com. We will review, validate your submission and we’ll in touch with you.
Our rewards are impact-based. What that means is we will issue a relatively high reward for any vulnerability which potentially leaks sensitive user data, but that we will issue little to no reward for a vulnerability that allows an attacker to deface the microsite. When we have our reward meetings, we always ask one question: If a malicious attacker abuses this, how bad are we affected by it? We assume the worse and pay out the bug accordingly. If we receive a report for the same issue, we would only offer the bounty to the earliest reporter for which we had enough actionable information to identify the issue. We do not want to encourage people spamming us with vague issues in an attempt to be first.
At the end of the day, all reward payouts are at our discretion, but we aim to be fair. Some researchers won't agree with our decisions, but we are paying out to the best of our ethical ability and trust that the majority of researchers will consider their rewards fair and in many cases generous. We will adapt as the program continues. By receiving the reward, it would mean that the bounty has been accepted and the terms and conditions of not disclosing the bounty to public applies.
Vidio Bug Bounty Program - Terms and Conditions