This policy of limiting security assessments/bug bounties to only certain things is really stupid.
Do you really think that any extremely motivated hacker would just stick to the arbitrary terms you set.
He will do whatever it takes to get in and by limiting security research you're making yourself vulnerable in other areas not defined in that assessment request.
Do you really think that any extremely motivated hacker would just stick to the arbitrary terms you set.
He will do whatever it takes to get in and by limiting security research you're making yourself vulnerable in other areas not defined in that assessment request.