Application Security

Appsec submissions must receive a CVE to qualify for points. If it receives a CVE, you will get paid.

Make a blog post about it.

Attach a PoC demonstrating the bug.

Attach a reliable exploit.

The entry will be disqualified if details of the bug have already been posted widely.

The entry will be disqualified if the bug is plagiarized.

Summary of the software

Instructions for reproducing the issue

Security impact of the issue

issue timeline (discovery, disclosure, response, etc)

preferred payment method (bitcoin, paypal, privately negotiated)

Bonus points:Disqualifiers:Send the advisory writeup to bugfeed@cheapbugs.netMembership is currently not required to submit bugs. People with quality submissions will get free access for life. The subject line should contain the name of the software and bug class.Writeup should include: