Description
netplus.ch SA is a service company specialising in the field of telecommunications. The 100% French-speaking area multimedia operator provides more than 220,000 users with high-quality local Internet, telephony, and television services both in towns and rural areas. The company incorporates eleven networks marketing more than 460,000 multimedia services intended for both private and professional customers under the BLI BLA BLO and net+ brand names.
The bug bounty program netplus.ch SA is part of the higher-level bug bounty program of SUISSEDIGITAL association. SUISSEDIGITAL is the trade association of Swiss communication networks. Bringing together some 200 commercial and public sector companies from all over Switzerland and the Principality of Liechtenstein, the association's high-performance networks allow each of its members to act as a one-stop shop offering their customers leading-edge communication services. These services include broadband internet, landline and to some extent mobile telephony as well as radio and television, with all the advantages of digital technology.
Rules
Scopes
Not in scope: All other domains and subdomains (as e.g. webmail). The parental control mechanism is out of scope, as not designed to be hacker proof.
- my.dev.netplus.ch: Portal
Customer’s selfcare portal
- dev.netplus.tv: Portal
Web TV portal
- caius.dev.netplus.ch: API
Online order library (API)
Procedure
- Register / Login to GBF
- Start looking for vulnerabilities, respecting the definitions in this program (scope, rules, ...).
- Report found vulnerabilities and support the platform and the customer in verifying them.
- Get paid for confirmed, new vulnerabilities.
Legal
The organisation gives their approval for Friendly Hackers to use hacking methods based on the specified bug bounty program. Due to this consent, the criminal liability criterion of unauthorized obtaining/unauthorized use and thus the criminal liability of the Friendly Hackers with regard to the criminal offenses in Art. 143 Swiss Criminal Code (Unauthorised obtaining of data) and Art. 143bis Swiss Criminal Code (Unauthorised access to a data processing system) does not apply.
Bounty Levels
Severity | Bounty |
---|---|
Critical | CHF 2000-5000 |
High | CHF 1000-2000 |
Medium | CHF 200-1000 |
Low | CHF 50-200 |