Avochato's Bug Bounty Program

Please follow these instructions carefully, as not following them may lead to an invalidated submission for bounty rewards. The Avochato team appreciates your help.

Developers and security researchers are required to first notify Avochato in advance by emailing bug@avochato.com if they intend to perform any automated testing such as pentests. These tests should be run at a mutually agreed upon date and time of day to minimize any impact on Avochato customers.

Once permission to test is granted, developers and security researchers can submit a detailed bug report to bug@avochato.com.

On a quarterly basis Avochato will evaluate all valid bug submissions that have been remediated during that quarter and award bounties for those Avochato considers to be the most significant ones for the quarter.

Bounty rewards range based on criteria such as the type/severity of the bug, impacted domain(s), potential bug exploits, and bug report submission quality.

All awards and criteria used to determine the top remediated bugs are solely at the discretion of Avochato Inc. and the Avochato Bug Bounty Board. Rewards to individual researchers based internationally may be subject to limitations and caps depending on the country and entity. Please email us to learn more.