Sign-Up
Login

Bounty Hunter Program

Inkrypt Videos Bounty Hunter Program
Help us harden video DRM, dynamic watermarks, and anti-recording defenses. We pay for impactful findings and credit contributors.

Top reward up to $5,000

  • Safe harbor for good-faith research
  • Fast triage and fair rewards
  • Public credit (Optional)
Inkrypt_Bounty_hunter_program

.

Rewards & Scope

We use a severity-based model. Payouts depend on impact, exploitability, and report quality.

Severity tiers :

  • Critical — up to $5,000: Scalable DRM bypass, watermark defeat at scale or any scale issue impacting security core system.

  • High — $400–$1,000: Significant bypass with constraints, watermark defeat, major entitlement/API impact, or watermark removal under specific conditions.

  • Medium — $200–$400: Key/URL leakage, session issues, limited abuse vectors.

  • Low — $50–$200: Hardening gaps and best-practice improvements.

In scope : 

  • Playback web/app enforcing DRM

  • Dynamic watermarking logic and render layers

  • Anti-screen/cam-recording deterrence & detection

  • Content delivery, entitlement, and key-management APIs

Out of scope (e.g.):

  • Social engineering or phishing

  • Physical attacks on end-user hardware

  • DDoS, spam, or volumetric testing

  • Bugs in third-party products that run their own bounty

How it Works

How the program works : 

  1. Discover — Test only with your own accounts/data; respect privacy.

  2. Contact – Submit the attached form with a brief about the issue. We will reach out to you within 1 business day.

  3. Report — Submit a clear write-up with steps, PoC, and impact.

  4. Triage — We acknowledge within 2 business days and start validation.

  5. Fix — We prioritize by severity and keep you updated.

  6. Reward — Payout after fix/mitigation, according to the final severity.

  7. Credit — With your consent, we’ll list you in our Hall of Fame. We might also show interest in hiring you for future projects for early testing.

Eligibility & Rules

  • No access to other users’ data; use test content and your own accounts as we provide to you.

  • No service degradation, data destruction, or lateral movement.

  • Coordinate disclosure with us; do not publish before we confirm a fix or give written permission.

  • Rewards are at our discretion based on impact and report quality; duplicates are not rewarded (first valid report wins).

  • You’re responsible for any taxes or legal obligations related to rewards.

Responsible Disclosure (Safe Harbor)

If you make a good-faith effort to follow this policy, we will not pursue legal action or law-enforcement referrals. Please avoid privacy violations, unnecessary data exposure, and any actions that degrade service quality. Coordinate timelines and public disclosure with our team.

Contact: [email protected]

FAQs

Yes—after we confirm a fix or provide written permission. We’ll coordinate a timeline.

We acknowledge within 2 business days and keep you updated during triage and remediation.

We reward the first valid report only. Later duplicates may be closed as informative without payment.

Light, non-destructive scans are acceptable. Heavy scanning or fuzzing requires prior written approval.

Bank transfer or PayPal (options may vary by country). Rewards are issued after fix/mitigation.

Please report it to the vendor. If it impacts us, share details so we can coordinate.

Yes. We can credit an alias or keep your contribution private.

Rewards are subject to applicable sanctions, export controls, and local regulations.

Form Submission

Comments are closed.

POPULAR BLOGS
FEATURED BLOGS
NAVIGATION
Countries SERVED
OUR SERVICES
© 2022 Inkrypt Videos