bug bounty people


Avochato's Bug Bounty Program

This program encourages and rewards developers, and security researchers who help make Avochato a secure environment.


Program Requirements

Please follow these instructions carefully, as not following them may lead to an invalidated submission for bounty rewards. The Avochato team appreciates your help.

Developers and security researchers are required to first notify Avochato in advance by emailing if they intend to perform any automated testing such as pentests. These tests should be run at a mutually agreed upon date and time of day to minimize any impact on Avochato customers.

Once permission to test is granted, developers and security researchers can submit a detailed bug report to .

On a quarterly basis Avochato will evaluate all valid bug submissions that have been remediated during that quarter and award bounties for those Avochato considers to be the most significant ones for the quarter.

Bounty rewards range based on criteria such as the type/severity of the bug, impacted domain(s), potential bug exploits, and bug report submission quality.

All awards and criteria used to determine the top remediated bugs are solely at the discretion of Avochato Inc. and the Avochato Bug Bounty Board. Rewards to individual researchers based internationally may be subject to limitations and caps depending on the country and entity. Please email us to learn more.