Security is a collaboration. Report bugs and be rewarded.
*We may pay more for critical bug reports on a case-by-case basis.
Critical severity issues present an enormous risk to our clients or to Deriv itself. They often affect relatively low-level components in our infrastructure. For example:
High severity issues are generally more narrow in scope than critical issues, but they may expose sensitive client and company data to attackers. For example:
Medium severity issues allow attackers to gain unauthorised access to read or modify a limited amount of sensitive data. This data is usually less sensitive than the data exposed by high severity issues. For example:
We’ll reward reports on low-level vulnerabilities only if they help us fix severe security issues, and we’ll decide the reward amount on a case-by-case basis.
Low severity issues expose an extremely limited amount of data. They may violate an expectation of how something is intended to work, but without privilege escalation or the ability to trigger unintended behaviour. For example: