green Blockchain 
Bug Bounty Program

We value the close relationship with the security research and community. To show appreciation for contributions, green Blockchain maintains a Bug Bounty Program to reward responsible disclosure of qualifying security vulnerabilities.

Responsible Disclosure Policy

You disclose responsibly if you:

 - Give us a reasonable amount of time before disclosing the vulnerability publicly
 - Make a good faith effort to not interrupt or degrade the network or services
 - Do not defraud or harm the green Blockchain or its users during your research

We do our best to respond to your submission as quickly as possible, keep you updated on the fix, and award a bounty where appropriate. 
 
Bounty Rules:

1. Adhere to the Responsible Disclosure Policy above
2. Do not attempt to gain access to another user’s account or information (use your own test accounts)
3. Report only original and previously undisclosed bugs
4. Do not disclose a bug publicly before it has been fixed
5. Do not use scanners or automated tools to find bugs
6. Do not attempt non-technical attacks such as social engineering, phishing, or physical attacks against users or infrastructure
7. Do not attack the reliability or integrity of the services (e.g, no DDoS attacks, blackhat SEO techniques, spamming, or similar questionable acts)
8. Residents in countries with active U.S. sanctions (https://www.treasury.gov/resource-center/sanctions/programs/pages/programs.aspx) are ineligible 
9. If in doubt, please email at disclosure@greenblockchain.com
10. Don't apply any damage during your investigation
11. Don't publish blockchain or user data
12. Don't share gained access with others in case you successfully penetrated the system
13. Don't make any changes in the system
14. Don't copy more information than your investigation requires
15. Don't use brute-force techniques
16. Don’t use techniques that can influence the availability of services
 
Services in Scope

All services provided by green Blockchain are eligible for our Bug Bounty Program, including services offered through greenBlockchain.com, green APIs, and app.
 
Qualifying Bugs

Any design or implementation issue that could result in substantial financial loss, data breach, or service degradation is within scope including, but not limited to:
Cross-site scripting (XSS)
Cross-site request forgery (CSRF/XSRF)
Mixed-content scripts
Authentication or authorization flaws
Server-side code execution bugs
Remote code execution
Accounting errors
Clickjacking
 
Non-Qualifying Bugs

Some security errors are not eligible for a reward because they have a low impact on security. The following type of security errors are some examples. Please don't mention such flaws unless a combination of errors can lead to a security issue with a greater impact. Depending on their impact, some disclosures may not qualify. Vulnerabilities in the following areas are examples of common exclusions:

 - Software packages not produced by green Blockchain.
 - Domains hosted by third parties
 - Green Blockchain services operated by third parties
 - Green Blockchain open source projects
 - Green Blockchain subdomains operated by third parties 
 - General error messages regarding application or server errors
 - HTTP 404 and other non HTTP 200 error codes
 - Accessibility of public files and folders (like robots.txt)
 - CSRF-issues on parts of the site that are available to anonymous visitors
 - CSRF-issues without (critical) consequences for users
 - Trace HTTP functions that may be active
 - SSL attacks like BEAST, BREACH, Renegotiation
 - SSL Forward secrecy unused
 - Anti-MIME-Sniffing header X-Content-Type-functions
 - Missing HTTP security headers
 - Presence of HTTPS Mixed Content Scripts / errors

Reporting Security Issues - How to Disclose

If you discover a problem or a vulnerability in the green Blockchain systems, report this information as soon as possible by email at disclosure@share.green. Security errors will be rewarded with a sum of bitcoins (or other digital rewards stored in the green Battery) and/or a public recognition on the "wall of fame. " The amount of the reward depends on the impact of the error. You can count on a reward if you're the first one who alerts a security issue and if this results in a change in the code or configuration. 

A bug report should include a description of the bug, reproduction instructions, and security impact (low, medium, high, critical). Green may award greater bounties for well done reports. All bounties are payable only in bitcoin (or other digital reward stored in the green Battery).

Join green.
The world's ONLY Proof of Power blockchain.
This is for informational purposes only as green™ is not registered as a securities broker-dealer or an investment adviser. No information herein is intended as securities brokerage, investment, tax, accounting or legal advice, as an offer or solicitation of an offer to sell or buy, or as an endorsement, recommendation or sponsorship of any company, security or fund.

green™ cannot and does not assess, verify or guarantee the adequacy, accuracy or completeness of any information, the suitability or profitability of any particular investment, or the potential value of any investment or informational source. The reader bears responsibility for his/her own investment research and decisions, should seek the advice of a qualified securities professional before making any investment, and investigate and fully understand any and all risks before investing.
green™ in no way warrants the solvency, financial condition, or investment advisability of any of the securities mentioned in communications or websites. In addition, green™ accepts no liability whatsoever for any direct or consequential loss arising from any use of this information. This information is not intended to be used as the sole basis of any investment decision, should it be construed as advice designed to meet the investment needs of any particular investor. Past performance is not necessarily indicative of future returns.


The information contained on this website does not convey an offer to sell or buy securities, commodities, or other financial products, and does not constitute investment advice. Moreover, no assurances can or should be assumed by any statements or descriptions, expressed or implied, regarding the past or future performance of our products and services, and the results derived therefrom. In order to further optimize our services, this site uses tracking analytics, to include cookies. (For additional information see our Privacy Policy and Terms & Conditions.)

© 2018 Green. All Rights Reserved.