Skip to content

Ethical Hacker Code of Conduct

BBHunt Japan K.K. (the “Company”) is committed to maintaining a safe and ethical environment for all participants in our bug bounty program. This Code of Conduct outlines the expectations and responsibilities of ethical hackers.

  • Adhere to Scope: Only test systems and applications that are explicitly listed as in-scope for the bug bounty program.
  • Avoid Out-of-Scope Testing: Do not test or exploit vulnerabilities in systems, applications, or data that are out of scope.
  • Report Promptly: Report vulnerabilities promptly through the designated reporting channels provided by BBHunt Japan.
  • Avoid Public Disclosure: Do not publicly disclose any vulnerabilities or details of your findings without prior written consent from BBHunt Japan.
  • No Malicious Activity: Do not engage in any activity that could harm BBHunt Japan, its clients, or their users. This includes, but is not limited to, data theft, service disruption, and unauthorized access.
  • Respect Privacy: Do not access, modify, or delete any data that does not belong to you. Respect the privacy and confidentiality of all data encountered during testing.
  • Follow Laws: Comply with all applicable local, national, and international laws and regulations while participating in the bug bounty program.
  • Safe Harbor: BBHunt Japan provides safe harbor protection for ethical hackers who act in good faith and adhere to this Code of Conduct.
  • Communicate Respectfully: Maintain a professional and respectful tone in all communications with BBHunt Japan and its clients.
  • Provide Clear Reports: Submit clear, detailed, and reproducible reports for any vulnerabilities discovered. Include all necessary information to help BBHunt Japan understand and address the issue.
  • Stay Informed: Keep up-to-date with the latest security trends, tools, and techniques to improve your skills and effectiveness as an ethical hacker.
  • Feedback: Provide constructive feedback to BBHunt Japan to help improve the bug bounty program and its processes.
  • Avoid Conflicts: Disclose any potential conflicts of interest to BBHunt Japan. Do not participate in the bug bounty program if you have a conflict of interest that could compromise your objectivity or integrity.

8. Respect for Japanese Culture and Business Practices

Section titled “8. Respect for Japanese Culture and Business Practices”
  • Respectful Interaction: Practice respectful and courteous communication in all interactions, valuing the importance of respect and politeness in Japanese business culture.
  • Integrity: Maintain integrity in all interactions and keep your promises.
  • Minimize Data Handling: Handle only the minimum data necessary to prove a vulnerability.
  • Delete Data: Immediately delete any information obtained during testing once it has been verified by the client or the case has been closed.

The following activities are strictly prohibited:

  1. Maliciously exploiting vulnerabilities
  2. Submitting reports using only automated scanners or tools
  3. Investigating outside the defined scope
  4. Publicly disclosing or sharing reports with third parties without consent from the Company or Client
  5. Social engineering of the Company’s or Client’s employees, customers, or partners
  6. Leaving systems in a more vulnerable state than found
  7. Brute forcing or guessing credentials
  8. Involving or targeting the Company’s or Client’s employees, customers, or partners during testing
  9. Extracting, downloading, or exfiltrating data that may contain personal information or other confidential data belonging to others
  10. Engaging in activities that constitute privacy violations, data destruction, or service interruption or degradation
  11. Interacting with accounts you do not own

By participating in BBHunt Japan’s bug bounty program, you agree to abide by this Code of Conduct. Failure to adhere to these guidelines may result in disqualification from the program and potential legal action. Thank you for your commitment to ethical hacking and helping us improve security for everyone.