(Release date – 11 March 2017)

Bug86 Private Ltd is a private limited company duly constituted under the Companies Act 1956, (hereinafter referred to as “Bug86” or the “COMPANY”). Bug86 has developed a software / platform / software as a service which can be used by a Clients and Researchers by accessing the website www.Bug86.com or www.threatbar.com.

Bug86 Platform is a platform which provides testing and/or vulnerability management software-as-a-service. Clients and Users may subject their Systems or any part thereof and disclose the same as a Program or a project on the BUG86 Platform for testing to be performed by Researchers. Researchers may carry out the testing as per the terms and conditions of the Program or a project disclosed by the Client on the BUG86 platform.

By agreeing to use the Bug86 Platform or the website www.Bug86.com or www.threatbar.com, the Client ,User or Researcher (Collectively referred to as You) agree to abide by the following terms and conditions:

  1. Definitions

    • a. Bug86Platform: means the testing and/or bugs management software-as-a-service offered by Bug86
    • b. Bug86 Site: means the website www.Bug86.com, or www.threatbar.com, related domains, sub-domains and any associated applications related to or located at Bug86.com, or Threatbar.com
    • c. Bug86 Credentials: refers to the user name / password pair enabling You to access your account.
    • d. Client: means an organization or entity using the Bug86 Platform or site for its Program and / or Project
    • e. Program and/or Project: refers to the authorized testing scope, not limited to describing the background and giving details about the technology or related ecosystem including systems, network, applications etc, types of tests, test policy, eligibility, exclusions, rewards, etc. disclosed by the Client or its authorized User. A Program and/or project can be worldwide (open to public) or select (i.e. open to selected researchers) and the terms and conditions must be agreed by the Researcher separately.
    • f. Services: refers to the services provided by Bug86 and any related service made available by or through Bug86 owned websites.
    • g. Electronic Signature: refers to all electronic signatures affixed as defined under the Information Technology Act 2000 or the click through agreements present on the website and accepted by You.
    • h. System: refers to Client’s or Client and User authorized systems (not limited to network, applications, servers, hardware, software etc.) which Client and User want to be tested or are part of the testing or services scope whether they are located at the Client’s premises or at a third-party premises.
    • i. Researcher: refers to a natural person or an entity participating in a Program/Project to test on a System
    • j. Tests: refers to the tests the Client and/or User would like to have performed and that are in accordance with the Program/Project. Tests can be performed in various ways including system intrusive. Tests can take any form and are not just limited to scanning, remote code execution, privilege escalation etc with in Client Systems. Tests are undertaken to identify bugs or vulnerabilities in Client Systems
    • k. User: refers to any person or persons authorized by a Client to perform various activities on Bug86 Platform or Bug86 Site in accordance with a Program and/or Project
    • l. Bugs or Vulnerabilities: refers to any flaw, error or any combination of code, technology or process which can result in any incident, breach, disruption, data loss or any other impact on Client Systems
  2. General Terms

    • a. Your access to use the Platform/ Website will be solely at the discretion of Bug86. Bug86 reserves the right to modify the Terms of Use at any time without giving you any prior notice. Your use of the Platform or the Website following any such modification constitutes your agreement to follow and be bound by the Terms of Use as modified. Any additional terms and conditions, disclaimers, privacy policies and other policies applicable to general and specific areas of the Platform or the Website is also considered as Terms of Use.
    • b. Bug86 reserves the right to add new functionality, remove existing functionality, and modify existing functionality to its Platform or website as and when it deems fit, and make any such changes available in newer versions or all of these at its discretion. You will be duly notified upon release of such newer versions and Bug86 reserves the right to automatically upgrade You to the latest version of its Platform / website as and when it deems fit.
    • c. Bug86 reserves the right to decline registrations from researchers in its sole discretion and without offering any explanation
    • d. By using Bug86, you agree that you have read and understood these Terms of Use and you agree to be bound by these Terms of Use and use Bug86 in compliance with these Terms of Use. PLEASE READ THESE TERMS OF USE CAREFULLY. IF YOU DO NOT AGREE TO BE BOUND BY (OR CANNOT COMPLY WITH) ANY OF THE TERMS BELOW, DO NOT CLICK THE "I ACCEPT" BOX, DO NOT COMPLETE THE REGISTRATION PROCESS, AND DO NOT ATTEMPT TO USE THE PLATFORM OR THE WEBSITE. You expressly represent and warrant that you will not use Bug86 if you do not understand, agree to become a party to, and abide by all of the terms and conditions specified below. Any violation of these Terms of Use may result in legal liability upon you. Nothing in these Terms of Use should be construed to confer any rights to any third party or any other person. YOUR USE OF Bug86 / THE PLATFORM OR THE WEBSITE MEANS YOU ARE CONSENTING TO THIS AGREEMENT
  3. Service Description

    Bug86 Platform is a platform which provides testing and/or bugs management software-as-a-service. Clients and Users may subject their Systems or any part thereof to Testing to be performed by Researchers.

    Client and User can create appropriate Programs/Projects to present to Researcher detailing the Program and Project and its System. Researcher who agree to Program and/or Project details and guidelines will test the system and present the vulnerability report. Client may compensate a Researcher who helped discover a valid flaw and who established a clear connection to the severity level provided for in the Program/Project by granting him or her rewards as agreed with Bug86.com and more particularly described in the program and/or project terms and conditions and scope of the such program and project. The rewards can be tangible, financial or in other intangible form.

  4. Your Obligations

    You undertake to:

    • a. Provide true, accurate, correct and complete personal information which you are required to provide when you register and
    • b. Notify Bug86 immediately of any changes to the Personal Information
    • c. You agree not to - impersonate any other person or entity or to use a false name or a name that you are not authorised to use
    • d. The Researcher may use a slug or pseudo-name or display names that you are authorized to use as part of the profile.
    • e. You agree to –
      • i. use the services, platform, portals only for the IP addresses, URLs and domain names owned by and registered in your name
      • ii. use platform, portals, services, and reports only for the stated purposes in the program and or project for the Client’s internal business purposes in accordance with all applicable laws (including any export control laws);
      • iii. limit access to Bug86 platform, portals to only those employees and/or contractors who have an obligation of confidentiality with You/ Client and only to those who have a requirement for such access on a “need to know” basis and You/ Client shall be solely responsible for disabling Bug86 platform, portals accounts for those employees and/or contractors who no longer require access.
    • f. You undertake not to
      • i. Use Bug86 if you are below 18 years of age
      • ii. translate or adopt BUG86 or the licensed material for any purpose or create any work derived from BUG86.
      • iii. transfer or sub-licence or rent out all or any of the licensed materials to any other person.
      • iv. make any alternations or additions to said BUG86 Software except as specifically described in the documentation.
      • v. permit the whole or any part of the said BUG86 Software to be combined or mixed up with any other programme.
      • vi. use any engine, software, tool, agent or other device or mechanism (such as spiders, robots, avatars or intelligent agents) to navigate or search the Service;
      • vii. circumvent or disable any security features of the BUG86
      • viii. do any framing or hotlinking or deeplinking of any BUG86 content
      • ix. permit itself or others to decompile reverse-engineer or dissemble the product or any part of the licensed material except to the except to the extent allowed by law.
      • x. allow unauthorized access, use or copying and shall maintain adequate security measures to safeguard said BUG86 Software or any of the licensed material.
      • xi. use the BUG86 for any unauthorized and unlawful purpose
      • xii. access (or attempt to access) BUG86 by any means other than through the interface that is provided by BUG86, unless you have been specifically allowed to do so in a separate agreement with BUG86.
      • xiii. engage in any activity that interferes with or disrupts BUG86 program or services (or the servers and networks which are connected to the BUG86 program or services).
      • xiv. reproduce, duplicate, copy, transfer, license, rent, sell, trade or resell the BUG86 Software or any other Services for any purpose whatsoever.
    • g. You also agree and undertake to
      • i. Keep its Computers and Computers Systems free of any Virus, Worm, Trojan or any Malware that may detrimentally affect the performance of the said BUG86 Software
      • ii. Keep your credentials strictly personal and confidential and not share the same with any other third party is any circumstances whatsoever. Any breach of this condition may result in suspension of account, services and will be subject to injunctive losses incurred by Bug86 and / or its partners. In case of any compromise, lost credentials, You shall inform Bug86 immediately.
      • iii. Bug86 shall reserve the right to suspend Your access to the platform / service for any suspected breach or compromise.
    • h. You agree that this Agreement and the Services of BUG86 are subject to any modification, or may be removed by BUG86, as a result of change in government regulations, policies and local laws as applicable.
    • i. You shall not use BUG86 for purposes of monitoring the availability, performance or functionality, or for any other benchmarking or competitive purposes.
    • j. You agree to advise Bug86 immediately and by any means available of any error, mistake, or irregularity that You identify while using the Site and/or Services as soon as such become known to You.
  5. Access to Services and Warranty

    You expressly acknowledge and agree that use of BUG86 is at your sole risk and that the entire risk as to satisfactory quality, performance, accuracy and effort is with You. To the maximum extent permitted by applicable law, BUG86 and any services performed or provided by BUG86 are provided "as is" and “as available”, without warranty of any kind, and BUG86 hereby disclaims all warranties and conditions with respect to any services, either express, implied or statutory, including, but not limited to, the implied warranties and/or conditions of merchantability, of satisfactory quality, of fitness for a particular purpose, of accuracy, of quiet enjoyment, and non-infringement of third party rights. BUG86 does not warrant against interference with your enjoyment of BUG86 and the functions contained in, or services performed or provided by BUG86 will meet your requirements, that the operation of Bug86 will be uninterrupted or error-free, or that defects in BUG86 or services will be corrected. No oral or written information or advice given by BUG86 or its authorized representative shall create a warranty.

  6. Tests

    The Client and Users shall undertake to implement and maintain the security of their entire data, files, utilities protecting from destruction, loss, or alteration prior to, during and after the tests.

    The Client and Users shall acknowledge having been advised by Bug86 of the importance of preparing well for the Tests.

  7. Intellectual Property Rights

    • a. Bug86 Technology

      Bug86 Platform, Bug86 Site, all portals, software, data processing systems or mechanisms, computer code, source code, report templates, CPE, trade secrets, know-how, patents, trademarks, trade names, copyrights, including websites and services portal and their content processes, inventions, discoveries, concepts, improvements, and original works of authorship and derivative works thereof, including the design, manufacture, operation or service of any equipment whether purchased or licensed that Bug86 has prepared, developed, acquired for the purpose of providing the Services shall be the sole property of Bug86 or its licensors. Except as otherwise expressly provided herein, Client, User and Researcher shall not acquire any rights in any Bug86 Technology as a result of receiving the Services.

      Client, User and Researcher agrees and acknowledges that any improvement or modification to such confidential or proprietary data shall be the sole property of Bug86, regardless of whether any such improvement or modification was the suggestion and/or creation of Client, User and/or Researcher. Client, User and Researcher further agrees to use all appropriate copyright and proprietary notices on all equipment delivered hereunder regardless of their intended use

    • b. Trademarks and Logo

      Client, User and Researcher shall not have any rights to use Bug86’s trademarks, service marks or logos for any other purpose without Bug86’s prior written approval.

  8. Right to Use

    • a. Bug86 grants a non-exclusive, non-transferrable, revocable license to the Client to use Bug86 Platform and services subject to the terms and conditions embodied herein. Bug86 Platform and services is available to the Client exclusively and the Client may not transfer, assign, sell or in any manner whatsoever alienate the rights available to the Client to use this program to any other person except as stated hereinabove. If the Client causes a breach of this restriction, BUG86 may terminate this agreement and the Client also may be subject to prosecution and damages.
    • b. During the entire duration of the Client and/or User authorized Program and/or Project, the Researchers shall have a non-exclusive rights except any restrictions identified in the Program and / or Project by the Client and/or User to use the Systems and related ecosystem that are protected by Client Intellectual Property Rights. These non-exclusive rights shall be provided exclusively for Testing purposes only. Client and User agree that due to the scope and intrusive nature of testing and therefore grant permissions and rights exclusively and solely for the purpose of testing to Bug86 and Researchers to recreate the System or cause it to be recreated, right to extract, modify, configure the System and to operate the System in whole or in part using any software or hardware. It shall be expressly agreed that no brand license is granted by the Client and User to Bug86 and unless otherwise specified. Client and User also grant right to use the Client logo, company information and all information required as part of the Program and /or Project details on the Bug86 Platform and Bug86 Site.

  9. Payment Terms

    • a. Fees

      Client shall pay to Bug86 the fees set forth in the Statement of work mutually signed.

    • b. Rewards

      Bug86 and/or Client, at their discretion, may remunerate Researchers in cash as set forth in the Program and or Project. The details of the compensation will be outlined for each applicable program and or project on the bug86.com or Threatbar.com.

  10. Indemnity

    You agree to indemnify and hold harmless BUG86, its affiliates, officers, directors, employees, consultants, licensors, agents, and representatives from any and all third party vendors, from claims, losses, liability, damages, and/or costs (including reasonable attorney fees and costs) arising from his/her/ its access to or use of BUG86 Program, Software or Services, violation of this Agreement, or infringement, or infringement by You his/her/its account, of any intellectual property or other right of any person or entity. BUG86 will notify you promptly of any such claim, loss, liability, or demand, and in addition to your foregoing obligations, you agree to provide BUG86 with reasonable assistance, at your expense, in defending any such claim, loss, liability, damage, or cost.

  11. Limitation Of Liability

    To the extent not prohibited by law, in no event shall Bug86, its affiliates, officers, directors, employees, consultants, licensors, agents, and representatives be liable for personal injury, loss or damages or any incidental, special, indirect or consequential damages whatsoever, including, without limitation, damages for loss of profits, loss of data, business interruption, cost of cover, substitute goods, out of pocket costs or any other commercial or professional damages or losses, arising out of or related to your use or inability to use Bug86, however caused, regardless of the theory of liability (contract, tort or otherwise) and even if Bug86, its affiliates, officers, directors, employees, consultants, licensors, agents, and representatives has been advised of the possibility of such damages.

    In no event shall Bug86, its affiliates, officers, directors, employees, consultants, licensors, agents, and representatives be liable for any direct or indirect loss or damages in connection with any content posted, transmitted, exchanged or received by or on behalf of You or other person on or through the program or services.

    Bug86 has no liability, whatsoever, to You or any third party and Bug86 disclaims any and all warranties, express and implied, that may arise out of the use of the platform or the website by You .

    Bug86 has no liability whatsoever to the client for the actions of the Researcher of performing the Tests or otherwise arising out of any agreement entered into between the client and the researcher directly or indirectly or under any other circumstances whatsoever.

  12. Standard Vulnerability Disclosure Policy and Guidelines for Researchers

    Client and User can create appropriate Programs/Projects to present to Researcher detailing the Program and Project and its System. Researcher MUST agree to this Standard Disclosure Policy and Guidelines and any additional respective Client Program and/or Project details and guidelines including any subsequent updates to test the system and present the vulnerability report.

    You ( Researcher ) expressly agrees to the following terms :

    • a. Researcher shall not make the vulnerability report or his submission public or share with any other third party unless there is a written consent for the same. This also applies to any information related to Clients name, systems, vulnerabilities, and any submissions for invite only projects to which Researcher has been invited.
    • b. Client confidentiality, integrity and availability of data, systems and services must always be complied with by the Researcher. Researcher shall always avoid all such Client confidentiality, integrity and availability violations and disruptions.
    • c. Researcher will not exploit a security issue that they discover for any reason which may include but not limited to attempted compromise of sensitive Client data or probing for additional issues. When investigating a vulnerability, Researcher shall never attempt to access anyone else's data and do not engage in any activity that would be disruptive or damaging to other users and client’s and dependent third parties’ infrastructure and systems.
    • d. Researcher will not violate any other applicable laws or regulations
    • e. After reporting or submitting a security vulnerability in respective Client program / project services or infrastructure which creates a security or data risk, Client’s decision will be final to determine the overall risk impact of any submitted vulnerability.
    • f. Researcher testing and report MUST involve and comply with respective Client Program / Project terms and conditions, scope of such program and project.
    • g. Researcher MUST NOT test certain types of potential security issues that are listed as Out of Scope, Excluded systems, URLs or processes.
    • h. Researcher shall submit the reports via Threatbar.com or bug86.com portal only. Any reports or vulnerability submissions including any attachments such as pdf reports, videos, pictures, graphics and screen shots etc made outside of Threatbar.com and bug86.com portal will not be considered as eligible submission by the Researcher. Any violation of sharing the report and its attachments outside of Threatbar.com or bug86.com portal will be treated as violation of Terms of Use. The eligible channel including submissions and subsequent communications related to submissions is ONLY through Threatbar.com and bug86.com portal.
    • i. You shall not contact employees of Client or Bug86 directly or through other channels about a vulnerability report that has been submitted.
    • j. Use or creation of test accounts when investigating any issues will differ from each Client Programs / Projects. Researcher should comply with individual Client Program and Project terms and conditions at all times. Researcher shall not interact with other accounts without consent
    • k. Client will reserve the right to publish reports (and accompanying updates).
    • l. In case no communications is received from the Researcher for more than 7 days with respect to the Researcher submission, it will be marked closed and no further claims on such submissions shall be entertained.
    • m. These terms and conditions also apply to all reports or vulnerability submissions including valid, invalid, duplicate, out of scope vulnerabilities and reports submitted.
  13. Standard Out of Scope

    Standard out of scope list for testing is as follows

    • a. Spam and/or social engineering techniques
    • b. Denial-of-service attacks
    • c. Physical security testing
    • d. Content injection
    • e. Security issues in third-party apps or websites that integrate with client and are not managed by the client
    • f. Executing scripts on sandboxed domains
    • g. Blackhat SEO techniques
    • h. Use of any automated testing tools that automatically generate significant volumes of traffic
    • i. Client Program/Project specific out of scope systems
  14. Standard Non-Qualifying Vulnerabilities

    There are instances where many vulnerabilities reported can be termed as false positives or non-qualifying vulnerabilities. These may include (and not limited to) disclosure of publicly available data or files, weak captcha, Logout cross-site request forgery or bugs that require extra efforts and interactions with the Client users etc. Researcher agree to respective Client Program/Project details to understand Non-Qualifying vulnerabilities.

  15. Force Majeure

    Neither party shall be liable for any default or delay in the performance of its obligations hereunder (except for payments) if and to the extent such default or delay is caused, directly or indirectly, by acts of God, governmental acts, accidents, wars, terrorism, riots or civil unrest, fires, storms, earthquakes, floods or elements of nature, or any other similar cause beyond the reasonable control of such party, provided such default or delay could not have been prevented by reasonable precautions and cannot reasonably be circumvented by the non-performing party through the use of commercially reasonable alternative sources, workaround plans or other means.

  16. Agreement on Evidence

    In an event of dispute, following shall be agreed by all parties as valid evidence :

    • All forms electronic data transmitted through email messages and/or Bug86 Platform and/or Bug86 Site including but limited to electronic signatures, time stamp tokens, credential data etc.
    • All forms of mutually signed agreements or documents
  17. Agreement Term and Termination

    This Agreement between parties shall have the effective date as date of registration on Bug86 Platform and/or Bug86 Site and/or mutual signing of any agreement to use the services. The agreement will remain effective until Client, User or Researcher deactivate their account and/or terminate the program and/or project and/or agreement in writing.

    The Client and Bug86 may suspend, terminate the Program and/or Project that it defined at any time and without giving any further clarifications. If Client terminates this Agreement or a SOW for any reason, Client agrees to pay Bug86 within 30 days for all services performed by Bug86 up to the date of cancellation that have not previously been paid. Additionally, if Client terminates this Agreement or any agreement other than for cause, then Client shall pay to Bug86, as a cancellation fee and not as a penalty, an amount equal to the sum of the service charges for the remainder of the 12 months.

    Bug86 may terminate Researcher’s access to and use of the Bug86 Platform, at Bug86's sole discretion, at any time and without notice to the Researcher.

  18. Subcontracting - Assignment

    Bug86 shall reserve the right to assign and/or subcontract the services hereunder anytime without notice to Client, User and Researcher to any third party it deems appropriate at its own discretion whether in whole or in part.

  19. Confidentiality

    “Confidential Information” shall mean any and all proprietary or confidential Technical and Non-Technical Information shared in writing, orally or visually. Non-Technical Information means information related to Bug86 and Client’s financial, purchasing, manufacturing, personnel, merchandising, and marketing activities. “Technical Information” is any information that is not Non-Technical Information and includes, but is not limited to, proprietary inventions, know-how, processes, algorithms, software programs, software source documents, functional requirements, design details, system and associated specifications related to the current, future and proposed products and services of client or Bug86, and also includes vulnerability reports and all information associated with the program of the Client or the user received by the Researcher for the purpose of Tests and all the associated oral, electronic and written information concerning research, experimental work, and development projects. Confidential information also includes any information that violates the proprietary rights of any third party.

    You acknowledge that you i.e Receiving Party may receive Confidential Information from Bug86 or the Client or the User authorized by the Client or the Researcher i.e disclosing party (whichever is applicable). The receiving party agrees not to divulge to any third person any Confidential Information of another party and not to use any Confidential Information of another party for any purpose not contemplated by the Terms or without a prior written consent of the Disclosing party.

    Bug86 may use Client’s and/or Researcher’s Your name in any public marketing activity describing the relationship between the parties.

  20. Links to Third Party Websites or Resources

    The Services may contain links to third-party websites or resources. Bug86 provides these links only as a convenience and is not responsible for the content, products or services on or available from those websites or resources or links displayed on such websites. Client, User or Researcher acknowledges sole responsibility for and assumes all risk arising from Client’s, User’s or Researcher’s use of any third-party websites or resources.

  21. Entire Understanding

    This Agreement constitutes the entire understanding between BUG86 and YOU in respect to the subject matter of this Agreement and supersedes all prior communications, understandings, and agreements, written or oral. Your failure to enforce at any time any of the provisions hereof shall not be a waiver of such provision, or any other provision, or of the right of such party thereafter to enforce any provision hereof. If any provision specified in this Agreement shall be invalid under any applicable law, the invalid provision, or portion thereof, shall be struck and the remainder, if any, shall be deemed enforceable to the extent permitted under the applicable law, and the remaining provisions of this Agreement shall be given effect in accordance with their terms.

  22. Notices

    All notices or any other communication to Bug 86 can be sent to Email: legal@threatbar.com

  23. Governing Law and Dispute Resolution

    Terms and conditions of the User Agreement shall be governed by Indian Law and are subject to the jurisdiction only of the Courts of Mumbai, Maharashtra, India. The Parties to this Agreement hereby submit to the exclusive jurisdiction of the Courts of Mumbai, Maharashtra, India.