Security Disclosure Policy

At Nullforge, we believe security isn’t a one-sided game — it’s a constant collaboration between defenders, builders, and the global hacker community. Every system has its weaknesses, and by working together with ethical hackers and security researchers, we aim to uncover and fix vulnerabilities before they can be exploited by malicious actors.

As a way of recognizing your skill, dedication, and contribution to keeping our systems secure, we offer exclusive Nullforge Swag, public recognition through our Hall of Fame, and collectible Bug Bounty Badges. Each valid submission not only strengthens our defenses but also helps you build your reputation as part of the Nullforge security community.

Hall Of Fame List »

What We’re Looking For

We invite you to test and assess:
• Nullforge Hive Platform (private bounty - by invite only)
• Nullforge Main Website (www.nullforge.net)
• Nullforge Blog (blog.nullforge.net)

We’re especially interested in vulnerabilities such as:
• Remote Code Execution (RCE)
• Authentication Bypass
• Privilege Escalation
• Sensitive Data Exposure
• Business Logic Flaws

Bounty

Severity	Reward
Critical	Premium Nullforge Swag + Hall of Fame + Virtual Badge
High	Swag Pack + Hall of Fame + Virtual Badge
Medium	Hall of Fame + Virtual Badge
Low	Hall of Fame + Virtual Badge
Informational	Hall of Fame + Virtual Badge

Badge System

Every valid report contributes to your badge progression:

Rules of Engagement

To keep the hunt fair and safe:

• Stay within scope.

• Do not access, modify, or delete data that isn’t yours.

• Avoid service disruption (no DoS or spam attacks).

• Work responsibly and ethically — Safe Harbor applies.

Safe Harbor

We stand behind good-faith security research. If you follow the program rules, you are authorized to test and report without fear of legal action.