Frequently Asked Questions

Why OpenCIRT?

Our mission is to secure as many websites/systems as possible. We try to do that allowing ethical hackers to operate without boundaries.

Do hackers get paid for valid reports?

Sometimes. Companies can optionally and spontaneously award bounties for the reports received. We encourage rewarding hackers but do not enforce it in any way. If that happens, bounties are split between the hacker and OpenCIRT. Plus, we may decide to award bounties ourselves as OpenCIRT for the most impactful reports.

Is hacker identity disclosed to anyone?

No, never.

How do you protect hacker identity?

We have a series of technical and procedural measures in order to protect hacker identity.

How do you make sure hackers’ activity is ethical/legal?

All the reports are validated by our internal triage team and have to comply with our Acceptable Hacking Policy.

How this is helpful for companies?

OpenCIRT activity is 100% ethical and provides companies a secure and private way to get notified about vulnerabilities in their systems from ethical hackers. Once a company is aware of a security risk, it can fix it before it gets discovered by malicious actors and exploited for bad purposes.

How this is helpful for people?

Many security issues not only impact IT systems but also expose people’s data making it an easy target for “bad hackers”. Criminals are always on the lookout for real people’s data, to perform any kind of malicious activity including scamming, spamming, spoofing, and identity theft. We are strongly committed to data protection and we will always prioritize vulnerabilities involving data exposures.

Who are you?

A group of hackers, lawyers, developers, and security enthusiasts!