The bug reporting program at Brick serves as a platform for reporting issues within our existing systems and business processes. With a focus on continuous improvement, we have introduced a program that welcomes contributions from bug hunters, users, and system feasibility researchers. While participation in the program is voluntary and unpaid, it does not exclude the possibility that thorough and comprehensive reports may be recognized and valued by the management in various meaningful ways. As a result, the program fosters a collaborative environment that encourages contributors to actively engage in enhancing Brick's operations.

Report category is divided into 3 classification below

Type Description
Security Report A significant security report encompasses findings with risk implications for both application and infrastructure systems. In the security context, this report provides a technical analysis, including risk assessment, attack methods, vulnerability severity levels, and concrete evidence such as exploitation or demonstration of weaknesses. By offering in-depth technical information, the report enables the security team to effectively respond and address issues, making it a key instrument in enhancing overall system security.
Business Process Report A report on findings of errors or weaknesses in the business process within an application encompasses the identification of issues related to the execution of business processes at the application level. Technically, the report provides in-depth analysis of vulnerabilities, including exploitation demonstrations and replication steps. Recommendations for improvement are also included to support development or business improvement efforts. This report holds crucial technical details for understanding and enhancing the efficiency of business processes within the application.
Feasibility Product Report The report on findings of feasibility issues in Brick's product explains the identification of aspects that need improvement to enhance quality. Technically, the report includes an analysis of performance, security, and reliability, with findings potentially involving security vulnerabilities, weaknesses in business logic, or performance issues. Technical details encompass specific improvement recommendations, demonstration of replication steps, and an in-depth understanding of the impact of improvements on the overall product functionality. The report is designed to provide technical insights to the development team to support the enhancement and improvement of Brick's product.
Report Level
Severity Level Description
Critical An issue or finding with the highest severity level that can cause significant harm or damage to the core functionality of the system. Typically requires immediate attention to maintain system security and integrity.
High An issue or finding with a high severity level, although not as critical as Critical. Requires serious attention and prompt action to avoid adverse impacts.
Medium An issue or finding with a moderate severity level. Can affect functionality or security but is not as urgent or severe as Critical or High.
Low An issue or finding with a low severity level. Usually not urgent and may be addressed over a longer period without causing serious impacts.
Informational/Suggestion Additional information or suggestions unrelated to critical issues or security, but may provide value or recommendations for improvement. Typically has lower impact.

Rules and Procedure

Received reports must contain accurate and valid information and will be thoroughly assessed and verified by the Brick team. The evaluation process is carried out internally and ensures the reliability of the reports. Every report that is deemed valid will receive a response from the relevant team as a follow-up.

All findings must be submitted via email to [email protected], including at least the following information:

  1. Email Subject :
    1. Security Report : <Vulnerability Name> - <Severity> - <Impact>
    2. Business Process Report : <Product Name> - <Business Impact>
    3. Feasibility Product Report : <Bug Name> - <Feature>
  2. Report Title
    1. Security Report : <Vulnerability Name> - <Severity> - <Impact>
    2. Business Process Report : <Product Name> - <Business Impact>
    3. Feasibility Product Report : <Bug Name> - <Feature>
  3. Description of the finding
  4. Proof of Concept (PoC) in the form of images and videos, or at least chronological images.

Each finding will undergo internal verification and analysis, with a response within 5 working days to confirm whether the finding is considered valid or not.

All valid reports will be processed through the legal procedure, and a certificate will be issued upon the completion of the valid report and legal process.

Valid reports that have undergone technical processing will then be forwarded to the legal team for the issuance of a Non-Disclosure Agreement (NDA). Upon completion of the legal process, Brick will issue an official certificate as a token of appreciation and acknowledgment to the contributor. This certificate will include the sender's name, report title, category, and Report Level Classification, along with the signature of Brick's CEO or CTO.