Bug86 Private Ltd is a private limited company duly constituted under the Companies Act 1956, (hereinafter referred to as “Bug86” or the “COMPANY”). Bug86 has developed a software / platform / software as a service which can be used by a Clients and Researchers by accessing the website www.Bug86.com or www.threatbar.com.
Bug86 Platform is a platform which provides testing and/or vulnerability management software-as-a-service. Clients and Users may subject their Systems or any part thereof and disclose the same as a Program or a project on the BUG86 Platform for testing to be performed by Researchers. Researchers may carry out the testing as per the terms and conditions of the Program or a project disclosed by the Client on the BUG86 platform.
By agreeing to use the Bug86 Platform or the website www.Bug86.com or www.threatbar.com, the Client ,User or Researcher (Collectively referred to as You) agree to abide by the following terms and conditions:
Bug86 Platform is a platform which provides testing and/or bugs management software-as-a-service. Clients and Users may subject their Systems or any part thereof to Testing to be performed by Researchers.
Client and User can create appropriate Programs/Projects to present to Researcher detailing the Program and Project and its System. Researcher who agree to Program and/or Project details and guidelines will test the system and present the vulnerability report. Client may compensate a Researcher who helped discover a valid flaw and who established a clear connection to the severity level provided for in the Program/Project by granting him or her rewards as agreed with Bug86.com and more particularly described in the program and/or project terms and conditions and scope of the such program and project. The rewards can be tangible, financial or in other intangible form.
You undertake to:
Access to Services and Warranty
You expressly acknowledge and agree that use of BUG86 is at your sole risk and that the entire risk as to satisfactory quality, performance, accuracy and effort is with You. To the maximum extent permitted by applicable law, BUG86 and any services performed or provided by BUG86 are provided "as is" and “as available”, without warranty of any kind, and BUG86 hereby disclaims all warranties and conditions with respect to any services, either express, implied or statutory, including, but not limited to, the implied warranties and/or conditions of merchantability, of satisfactory quality, of fitness for a particular purpose, of accuracy, of quiet enjoyment, and non-infringement of third party rights. BUG86 does not warrant against interference with your enjoyment of BUG86 and the functions contained in, or services performed or provided by BUG86 will meet your requirements, that the operation of Bug86 will be uninterrupted or error-free, or that defects in BUG86 or services will be corrected. No oral or written information or advice given by BUG86 or its authorized representative shall create a warranty.
The Client and Users shall undertake to implement and maintain the security of their entire data, files, utilities protecting from destruction, loss, or alteration prior to, during and after the tests.
The Client and Users shall acknowledge having been advised by Bug86 of the importance of preparing well for the Tests.
Intellectual Property Rights
Bug86 Platform, Bug86 Site, all portals, software, data processing systems or mechanisms, computer code, source code, report templates, CPE, trade secrets, know-how, patents, trademarks, trade names, copyrights, including websites and services portal and their content processes, inventions, discoveries, concepts, improvements, and original works of authorship and derivative works thereof, including the design, manufacture, operation or service of any equipment whether purchased or licensed that Bug86 has prepared, developed, acquired for the purpose of providing the Services shall be the sole property of Bug86 or its licensors. Except as otherwise expressly provided herein, Client, User and Researcher shall not acquire any rights in any Bug86 Technology as a result of receiving the Services.
Client, User and Researcher agrees and acknowledges that any improvement or modification to such confidential or proprietary data shall be the sole property of Bug86, regardless of whether any such improvement or modification was the suggestion and/or creation of Client, User and/or Researcher. Client, User and Researcher further agrees to use all appropriate copyright and proprietary notices on all equipment delivered hereunder regardless of their intended use
Client, User and Researcher shall not have any rights to use Bug86’s trademarks, service marks or logos for any other purpose without Bug86’s prior written approval.
Right to Use
Client shall pay to Bug86 the fees set forth in the Statement of work mutually signed.
Bug86 and/or Client, at their discretion, may remunerate Researchers in cash as set forth in the Program and or Project. The details of the compensation will be outlined for each applicable program and or project on the bug86.com or Threatbar.com.
You agree to indemnify and hold harmless BUG86, its affiliates, officers, directors, employees, consultants, licensors, agents, and representatives from any and all third party vendors, from claims, losses, liability, damages, and/or costs (including reasonable attorney fees and costs) arising from his/her/ its access to or use of BUG86 Program, Software or Services, violation of this Agreement, or infringement, or infringement by You his/her/its account, of any intellectual property or other right of any person or entity. BUG86 will notify you promptly of any such claim, loss, liability, or demand, and in addition to your foregoing obligations, you agree to provide BUG86 with reasonable assistance, at your expense, in defending any such claim, loss, liability, damage, or cost.
Limitation Of Liability
To the extent not prohibited by law, in no event shall Bug86, its affiliates, officers, directors, employees, consultants, licensors, agents, and representatives be liable for personal injury, loss or damages or any incidental, special, indirect or consequential damages whatsoever, including, without limitation, damages for loss of profits, loss of data, business interruption, cost of cover, substitute goods, out of pocket costs or any other commercial or professional damages or losses, arising out of or related to your use or inability to use Bug86, however caused, regardless of the theory of liability (contract, tort or otherwise) and even if Bug86, its affiliates, officers, directors, employees, consultants, licensors, agents, and representatives has been advised of the possibility of such damages.
In no event shall Bug86, its affiliates, officers, directors, employees, consultants, licensors, agents, and representatives be liable for any direct or indirect loss or damages in connection with any content posted, transmitted, exchanged or received by or on behalf of You or other person on or through the program or services.
Bug86 has no liability, whatsoever, to You or any third party and Bug86 disclaims any and all warranties, express and implied, that may arise out of the use of the platform or the website by You .
Bug86 has no liability whatsoever to the client for the actions of the Researcher of performing the Tests or otherwise arising out of any agreement entered into between the client and the researcher directly or indirectly or under any other circumstances whatsoever.
Standard Vulnerability Disclosure Policy and Guidelines for Researchers
Client and User can create appropriate Programs/Projects to present to Researcher detailing the Program and Project and its System. Researcher MUST agree to this Standard Disclosure Policy and Guidelines and any additional respective Client Program and/or Project details and guidelines including any subsequent updates to test the system and present the vulnerability report.
You ( Researcher ) expressly agrees to the following terms :
Standard Out of Scope
Standard out of scope list for testing is as follows
Standard Non-Qualifying Vulnerabilities
There are instances where many vulnerabilities reported can be termed as false positives or non-qualifying vulnerabilities. These may include (and not limited to) disclosure of publicly available data or files, weak captcha, Logout cross-site request forgery or bugs that require extra efforts and interactions with the Client users etc. Researcher agree to respective Client Program/Project details to understand Non-Qualifying vulnerabilities.
Neither party shall be liable for any default or delay in the performance of its obligations hereunder (except for payments) if and to the extent such default or delay is caused, directly or indirectly, by acts of God, governmental acts, accidents, wars, terrorism, riots or civil unrest, fires, storms, earthquakes, floods or elements of nature, or any other similar cause beyond the reasonable control of such party, provided such default or delay could not have been prevented by reasonable precautions and cannot reasonably be circumvented by the non-performing party through the use of commercially reasonable alternative sources, workaround plans or other means.
Agreement on Evidence
In an event of dispute, following shall be agreed by all parties as valid evidence :
Agreement Term and Termination
This Agreement between parties shall have the effective date as date of registration on Bug86 Platform and/or Bug86 Site and/or mutual signing of any agreement to use the services. The agreement will remain effective until Client, User or Researcher deactivate their account and/or terminate the program and/or project and/or agreement in writing.
The Client and Bug86 may suspend, terminate the Program and/or Project that it defined at any time and without giving any further clarifications. If Client terminates this Agreement or a SOW for any reason, Client agrees to pay Bug86 within 30 days for all services performed by Bug86 up to the date of cancellation that have not previously been paid. Additionally, if Client terminates this Agreement or any agreement other than for cause, then Client shall pay to Bug86, as a cancellation fee and not as a penalty, an amount equal to the sum of the service charges for the remainder of the 12 months.
Bug86 may terminate Researcher’s access to and use of the Bug86 Platform, at Bug86's sole discretion, at any time and without notice to the Researcher.
Subcontracting - Assignment
Bug86 shall reserve the right to assign and/or subcontract the services hereunder anytime without notice to Client, User and Researcher to any third party it deems appropriate at its own discretion whether in whole or in part.
“Confidential Information” shall mean any and all proprietary or confidential Technical and Non-Technical Information shared in writing, orally or visually. Non-Technical Information means information related to Bug86 and Client’s financial, purchasing, manufacturing, personnel, merchandising, and marketing activities. “Technical Information” is any information that is not Non-Technical Information and includes, but is not limited to, proprietary inventions, know-how, processes, algorithms, software programs, software source documents, functional requirements, design details, system and associated specifications related to the current, future and proposed products and services of client or Bug86, and also includes vulnerability reports and all information associated with the program of the Client or the user received by the Researcher for the purpose of Tests and all the associated oral, electronic and written information concerning research, experimental work, and development projects. Confidential information also includes any information that violates the proprietary rights of any third party.
You acknowledge that you i.e Receiving Party may receive Confidential Information from Bug86 or the Client or the User authorized by the Client or the Researcher i.e disclosing party (whichever is applicable). The receiving party agrees not to divulge to any third person any Confidential Information of another party and not to use any Confidential Information of another party for any purpose not contemplated by the Terms or without a prior written consent of the Disclosing party.
Bug86 may use Client’s and/or Researcher’s Your name in any public marketing activity describing the relationship between the parties.
Links to Third Party Websites or Resources
The Services may contain links to third-party websites or resources. Bug86 provides these links only as a convenience and is not responsible for the content, products or services on or available from those websites or resources or links displayed on such websites. Client, User or Researcher acknowledges sole responsibility for and assumes all risk arising from Client’s, User’s or Researcher’s use of any third-party websites or resources.
This Agreement constitutes the entire understanding between BUG86 and YOU in respect to the subject matter of this Agreement and supersedes all prior communications, understandings, and agreements, written or oral. Your failure to enforce at any time any of the provisions hereof shall not be a waiver of such provision, or any other provision, or of the right of such party thereafter to enforce any provision hereof. If any provision specified in this Agreement shall be invalid under any applicable law, the invalid provision, or portion thereof, shall be struck and the remainder, if any, shall be deemed enforceable to the extent permitted under the applicable law, and the remaining provisions of this Agreement shall be given effect in accordance with their terms.
All notices or any other communication to Bug 86 can be sent to Email: firstname.lastname@example.org
Governing Law and Dispute Resolution
Terms and conditions of the User Agreement shall be governed by Indian Law and are subject to the jurisdiction only of the Courts of Mumbai, Maharashtra, India. The Parties to this Agreement hereby submit to the exclusive jurisdiction of the Courts of Mumbai, Maharashtra, India.