Kube-DCKube-DC
Security Program

Bug Bounty Program

We've just launched Kube-DC.cloud and we're building it in the open. As a young platform, we deeply value every bug report and security finding from the community. Help us make Kube-DC.cloud rock-solid - report bugs and security vulnerabilities responsibly, and earn free service resources as a thank-you.

Program Rules

Follow these guidelines to participate in our Bug Bounty Program.

Responsible Disclosure

Report vulnerabilities privately via email before any public disclosure. Allow us reasonable time to investigate and patch.

Stay In Scope

Only test against the systems listed in our scope. Do not access, modify, or delete data belonging to other users.

Response Timeline

We acknowledge reports within 48 hours and aim to provide an initial assessment within 5 business days.

Rewards

Rewards are provided as free Kube-DC.cloud service resources (CPU, RAM, Storage pools). Severity determines the reward tier.

Severity Levels & Rewards

Rewards are granted as free Kube-DC.cloud service resources (resource pools, storage, bandwidth). The reward amount depends on the severity of the reported vulnerability.

Critical

Remote code execution, authentication bypass, data breach vulnerabilities

Up to €500 in free resources

High

Privilege escalation, significant data exposure, cross-tenant access

Up to €250 in free resources

Medium

Cross-site scripting (XSS), CSRF, information disclosure

Up to €100 in free resources

Low

Minor misconfigurations, non-sensitive information leaks, UI bugs

Up to €50 in free resources

Scope

Only the following assets and services are eligible for the Bug Bounty Program.

In Scope

  • kube-dc.cloud (main website)
  • console.kube-dc.cloud (web console)
  • API endpoints (api.kube-dc.cloud)
  • Kubernetes cluster security
  • Authentication and authorization flows
  • Data isolation between namespaces

Out of Scope

  • Third-party services and integrations
  • Social engineering attacks
  • Physical security testing
  • Denial of Service (DoS/DDoS) attacks
  • Automated scanning without prior approval
  • Vulnerabilities in outdated browsers or plugins
Found a Bug?

How to Report

Submit your findings through our Support Portal. Include a detailed description, steps to reproduce, and any proof-of-concept code or screenshots.

Submit via Support Portal

Open Report Form

Please select the appropriate severity level and provide a clear description of the vulnerability.

Legal Safe Harbor

We will not pursue legal action against security researchers who discover and report vulnerabilities in good faith, following the rules of this program. Research conducted in accordance with this policy is considered authorized. We will work with you to understand and resolve the issue quickly.

Ready to Start Your Cloud?

14-Day Free Trial - Instant kubeconfig - Cancel anytime