Reporting through the Bug Bounty platform
To ensure a payout to you and quality reports for us, we highly encourage reporting vulnerabilities on our Bug Bounty platform. To do that, you will need to be registered with Intigriti (https://login.intigriti.com/account/register) and invited to join our Bug Bounty program. If or when you are registered with Intigriti, you will need to provide us with your account information by email ([email protected]) to be invited into our Bug Bounty program.
Reporting directly to HomeToGo by email
If you want to report a vulnerability without the use of our Bug Bounty program on Intigriti, you can send your findings directly to us by email ([email protected]). Reports sent directly to us and not through the Bug Bounty service provider’s platform will be accepted, but the payment will happen at the sole discretion of HomeToGo. The payout for the report depends on the vulnerability severity, business impact and quality.
Please use the below template to send us vulnerability reports:
#Summary:
[add summary of the vulnerability]
#Affected host:
[add all affected domains]
#Impact:
[add impact of the vulnerability with the description]
#Steps to reproduce:
[add details for how we can reproduce the issue, including an exploit code]
[add step]
[add step]
[add step]
#Supporting material/references:
[list any additional material (e.g. screenshots, videos, logs, etc.) and add them as attachments/references]