Genians Bug Bounty Program

The Genians Bug Bounty Program seeks to make products safer by quickly identifying security vulnerabilities in products and services with the help of security experts, and by rewarding those experts for their efforts.

Operating Background

Bug Bounty is a system that pays bounties to those who discover vulnerabilities in software or web services.

Major global companies operate bug bounty programs to discover vulnerabilities in their products and services and to strengthen security, and some companies also operate their own bug bounty programs. In addition, Korea NCSC and KISA operate security vulnerability reporting and reward systems to prevent intrusion incidents that exploit vulnerabilities, and Genians participates as a partner in the reporting and reward system operated by the Korea Internet & Security Agency (KISA).

Program Scope

Vulnerabilities in the following products and services are subject to reporting.
(Reports other than the target are not eligible for rewards.)

– NAC product: Genian NAC V4.* or above
Cloud NAC CSM service
Genian Device Platform Intelligence API
– Genians company website, etc.

Note) Vulnerabilities outside of Genians products and services are not eligible for evaluation and rewards due to concerns of facilitating illegal hacking and lack of verification under the relevant law.

* Note: Genian NAC Security Advisories

Membership Registration URL for CSM Bug Bounty

If you report a vulnerability without registering as a member through the URL, you may be excluded from the reward.

Program Process

Step 1: Security Vulnerability Reporting (ongoing)

Use Google Forms to complete a vulnerability report.

Observe our responsible research and disclosure policies and safe harbor regulations.

Do not share reports, or any type of communication related to reports, with others without the explicit consent of Genians.

We'll send you a confirmation that we received your report (within 3 days).

Step 2: Validate Report (ongoing)

Genians will check the basic information of the reported vulnerability and determine whether it is a new vulnerability.

If we are unable to verify the report, we may request supplementary information. We will determine whether it is a new vulnerability and provide feedback to the reporter (within 2 weeks).

Step 3: Assessment/Patch (monthly)

Team Genians assesses vulnerabilities determined to be new, based on the assessment criteria, and patches products and services to address the vulnerability.

Genians provides feedback to the reporter on whether the vulnerability has been patched (end of each month).

Step 4: Rewards Period

Once the vulnerability has been patched or remediated (severity High or higher), we will finalize the bounty amount, notify the reporter of the results, and pay the bounty.

However, if the vulnerability is not patched, the reward will be paid on the last day of the following month, which is 60 days after the report is received.

Rewards

Rewards for qualifying bug bounty reports range from 240,000 won to 9,000,000 won. Points will be calculated based on the Common Vulnerability Scoring System Version 3.1 (CVSS 3.1).

Note) Any activity that damages business, services, or users in the process of analyzing vulnerabilities, such as random unauthorized substitution attacks, denial of service attacks, access to third-party accounts or data, or unauthorized server penetration attempts, will be excluded from the reward.

| CVSS Point | Level of Severity | Rewards (KRW, won) | Rewards (USD, ex $1=1,300 won) |
|---|---|---|---|
| 9.0~10.0 | Critical | 5,400,000 ~ 9,000,000 | $4,150 ~ $6,920 |
| 7.0~8.9 | High | 2,520,000 ~ 3,600,000 | $1,930 ~ $2,760 |
| 4.0~6.9 | Medium | 720,000 ~ 1,800,000 | $550 ~ $1,380 |
| 0.1~3.9 | Low | 240,000 ~ 480,000 | $180 ~ $360 |

Common Vulnerability Scoring System (CVSS 3.1)

| Large Category | Sub Category | Description |
|---|---|---|
| Attack Impact | Scope of Influence | The extent to which it can affect other permissions or resources beyond the vulnerable components |
| Attack Impact | Confidentiality Impact (C) | Degree of impact in terms of confidentiality on the product |
| Attack Impact | Integrity Impact (I) | Degree of impact in terms of integrity on the product |
| Attack Impact | Availability Impact (A) | Degree of impact in terms of availability on the product |
| Exploitability | Attack Vector (AV) | Degree of accessibility of the attack path |
| Exploitability | Attack Complexity (AC) | Prerequisites the attacker must satisfy, such as system configuration and attribute settings |
| Exploitability | Privileges Required (PR) | Privilege level required by an attacker to exploit a vulnerability |
| Exploitability | User Interaction (UI) | Actions that users must perform for the vulnerability to be exploited |

 

Limitations and Vulnerabilities Disclosure Policy

- Do not disclose detailed information about reported vulnerabilities to third parties until they are fixed and the update has been applied by most users (customers). However, vulnerabilities may be disclosed if Genians permits it in writing, etc.

- Please refrain from doing anything that may harm other users.

- Employees of Genians and its affiliates are not allowed to participate in this program.

Disclosure Program Policy & FAQ

Genians Bug Bounty Program Terms of Use

Genians’ Vulnerability Disclosure Program Policy

Genians Bug Bounty Program FAQ

If you have any questions about reporting security vulnerabilities and reward procedures, please send them to bugbounty@genians.com