FINN Security & Trust Center Bug Bounty

To enhance the security of our platform and services, we believe in investing in the security researcher community. Like many online businesses, we therefore run a bug bounty, otherwise known as a vulnerability reward program.

What we do

Services in Scope


The scope of our program is simple. Any tech property that belongs to our business is in scope. Anything that you can break into, we have to assume an attacker can break into.

Our platform and services run under the following DNS scopes: *finn.auto



Qualifying Vulnerabilities


It is 2023 and we assume you know the common vulnerability types that an online business may be affected by. As long as the issue constitutes a tangible risk to our security posture, customer data or similar, it is likely going to qualify. Please understand this is a discretionary decision we make on a case-by-case basis for every incoming report.



Reward Structure


Incoming vulnerability reports are discussed and rated by our Security Board on a monthly basis. Our goal is to reward eligible reports in a reasonable way depending on the underlying risk potential. You may receive a small “sign of appreciation” of 50-100€ for minor issues and between 500€ and 5000€ for severe issues affecting customer data or our technology infrastructure.



Contact Us


You may report bugs by emailing security@finn.auto.
If you’d like, you can encrypt your report using our GPG key.