To encourage reporting vulnerabilities to tbi, we would urge you to send any vulnerabilities you detect to us and you might get rewarded for your efforts. Rewards are granted entirely at the discretion of tbi and the amount depends on the severity of the vulnerability reported, the type of website (static information sites versus online banking sites) concerned and the quality of the report we receive.
You will be eligible for a bounty only if you are the first person to disclose an unknown issue.
At tbi discretion, providing more complete research, proof-of-concept code and detailed write-ups may increase the bounty awarded. Conversely, tbi may pay less for vulnerabilities that require complex or over-complicated interactions or for which the impact or security risk is negligible. Rewards may be denied if there is evidence of program policy violations.
Rewards will be declined if we find evidence of abuse.