Cogoport Bug Bounty Program

    Although our team of tech experts have made every effort to mitigate all the bugs in our systems, Cogoport invites you guys to DON the researcher’s lab coat and explore our website for any such undesirable elements ruining your and other visitors’ user experience.

    If you discover a bug while exploring the website and our platform/dashboard, we appreciate your cooperation in responsibly reporting it to us so that we can address it as soon as possible. For both Security and non-security related bugs/vulnerabilities, we offer reward and recognitions (see below).

    Please note that only genuine findings/issues are eligible for rewards.

    Guidelines

    To participate in Cogoport's bug bounty program, you need to follow the following guidelines:
    • You must not proceed further if you find a severe vulnerability that allows system access.
    • Disclosing bugs to a party other than Cogoport is forbidden. All bug reports are to remain at the reporter (you) and Cogoport's discretion.
    • Exploiting/threatening or mis-using any kind of information will automatically disqualify you from participating in the program.
    For reporting any system vulnerability/issues/bugs, please investigate and report in a way that makes a reasonable, good faith effort not to be disruptive or harmful to us or our users. Otherwise your actions might be interpreted as an attack rather than an effort to be helpful.

    Eligibility

    • Generally speaking, any bug that poses a significant issue/ vulnerability could be eligible for reward. But it's entirely at our discretion to decide whether a bug is significant enough to be eligible for a reward.
    • If you are the first to alert us about an issue/bug and it leads us to make a change, we will pay you a reward based on the criticality of the issue reported.
    • To report any issue/bug/vulnerability you need to be registered with Cogoport.

    Ineligibility

    Things that are not eligible for reward include:
    • Bugs that have not been responsibly investigated and reported.
    • Bugs already known to us, or already reported by someone else (reward goes to first reporter).
    • Issues that aren't reproducible.
    • Issues that we can't reasonably be expected to do anything about.

    Our Targets

    Some of the scope of work are listed below. (These are just few examples that can act as guidelines)
    • Our website - https://www.cogoport.com
    • Container tracking mismatch on Cogoport v/s the carrier's website
    • Sailing schedule or any other shipment data that is not updated
    • Dashboard errors
    • Errors in Origin and Destination THC charges as per each shipping lines
    • Duplication of port codes/services/surcharges
    • Unexpected log-out at any particular section of the website
    • Errors in statistical data
    • Any other bugs

    Rewards

    • The minimum reward for eligible bugs is Amazon vouchers worth INR 500/1000.
    • Only one reward per bug.
    • Rewards over the minimum are at our discretion, but we will pay significantly more for particularly serious issues. We will also issue Certificate of Recognition to distinguished individuals.
    • Multiple reports over time can be eligible for an entry into our Hall of Fame.

    How to Report a Bug?

    • Fill the form (findings reported by in other manner will not be acknowledged) by clicking on the link https://www.cogoport.com/bug-bounty/report.
    • Include as much information in your report as you can. Ideally, a description of your findings, the steps needed to reproduce it, and the vulnerable component (i.e. API endpoint, etc.).
    • If you need to share screenshots, please upload them to your own Google Drive or any other upload service and share with us the links to those files in the form.
    • Include your correct name (as registered with Cogoport) and email address so we can reach out to you.

    Please provide us with the following details while submitting the report:
    • Your Full name
    • Email address used to register on cogoport platform
    • Mobile number used to register on cogoport platform
    • Any publically identifiable profile (e.g. Linkedin)
    • Include as much information in your report as you can. Ideally, a description of your findings, the steps needed to reproduce it, and the issue/vulnerable component
    • If you need to share screenshots/videos, please upload to your own Google Drive or any other upload service and share with us via email. This will help us locate and validate the bug/issue.

    Respond within 7 days to claim your reward!

    For any additional queries, shoot an email to bug.bounty@cogoport.com

    Thank you and happy hunting!

    Best Wishes,
    Team Cogoport

    Request Demo
    Request A Demo

    Gain a better understanding of how our digital platform of integrated freight solution can be of your use. No Charges Applied!

    Register
    Register with Us

    Make your freight supply-chain easier, efficient, and more transparent through a digital platform. Register now for free.

    Get Notified

    Stay up-to-date about our freight solutions


    logo
    All Rights Reserved @ Cogoport.com
    +91-9867-99-9866