Expert Trust & Safety Reward Program
The trust & safety of expert operations is paramount. The program empowers experts to help us identify issues and minimize system abuse.
Report now and claim a cash reward & certification.
Stop system abuse
Cash & Certification
Improve safety
Stop system abuse
Cash & Certification
Improve safety
Program details
Program duration
18th May 2022 to 27th May 2022.
Important dates
Event | Timeline |
First response | 2 workdays |
Initial evaluation | 5 workdays |
Processing of qualified reports | 10 workdays |
Final decision | By 3rd June 2022 |
Severity | Reward |
Low | INR 4000 |
Medium | INR 15,000 |
High | INR 60,000 |
Critical | INR 2,25,000 |
Payments
- A participant who successfully finds safety issues that meet the Program rules (as outlined in the T&C), may be entitled to receive a reward from Chegg India.
- Reward payments to experts will be remitted by a bank transfer to the bank account available on file with Chegg India expected to be paid by 15th June 2022.
- TDS (Tax Deducted at Source) will be applicable as per the prevailing income tax rules.
- Chegg India reserves the right, in its sole discretion, to prospectively modify its payment rates at any time by giving written notice. By continuing to upload reports, participants agree to be bound by the modified payment rates.
For more details, please read through the terms and conditions.
Goal of the Program
Through this program, Chegg India aims to minimize system abuse as defined below :-
Abuse risk
An “abuse risk” can be defined as a product feature that can cause unexpected damage to a user or platform when leveraged in an unexpected manner. Abuse risks arise when a product doesn’t have sufficient guardrails in place to protect its features from being (mis)used in a malicious way.
For example, wrongfully being able to upload answers.
Participants
Invited experts with active answering rights & are Indian nationals.
Timeline of the Program
This Program is effective from 18th May 2022 to 27th May 2022.
- First response (including acknowledgment of submission of a report by a participant) will be provided within 2 workdays (Mon-Fri).
- Initial qualifying evaluation shall be completed in 5 workdays (Mon-Fri) from first response.
- Qualified reports will be processed in 10 workdays (Mon-Fri)
- Decisions on the severity and reward for the qualified reports along with final results are expected to be released by 3rd June 2022.
GENERAL TERMS
These terms of the Program must be agreed upon by participants. (“participant” or “you”).
Disclosure Policy
A participant must not disclose their findings (even resolved ones) to anyone without explicit approval from Chegg India.
Program Rules
- Safety issues that were previously known to Chegg India are not eligible for a reward payment. Chegg India will attempt to inform the participant of its prior knowledge of the safety issue within two (2) workdays (Mon-Fri).
- The Program shall be run on a first-in-first-out (FIFO) basis, so the second entry of the same issue will be treated as a known issue and therefore ineligible for rewards.
- A participant must not violate the privacy of others, disrupt our systems, destroy data, interrupt, or degrade Chegg’s services, and/or harm the user experience.
- A participant must cease testing immediately if they gain unauthorized access to Chegg data or systems.
- A participant must use his/her own account and not a third party’s account.
- Social engineering (e.g., phishing, vishing, smishing) is prohibited.
- A participant must ensure that they have specific and direct knowledge regarding the abuse/safety that they are reporting.
- A participant must not violate any applicable law or regulation, including laws prohibiting unauthorized access to information.
Submitting reports
- A participant may submit their report here: https://www.cheggindia.com/etsr-experts.
- A participant must provide detailed reports with reproducible steps.
- A participant must submit one abuse risk per report, unless they need to chain them to provide impact. A participant may Combine reports if the same or similar root cause affects multiple endpoints, subdomains, or assets. Chegg India reserves the right to determine, in its sole discretion, that multiple reports pertain to a single safety issue, and are therefore, only eligible for a single payment.
- A participant must not submit false information knowingly.
Sensitive and Personal Information
- A participant must never attempt to access anyone else’s data or personal information including by exploiting a vulnerability. Such activity is unauthorized and will immediately disqualify any report from reward eligibility and may even result in legal action.
- If during testing, a participant interacts with or otherwise obtain access to data or personal information of others, they must:
- Stop testing immediately and cease any activity that involves the data or personal information or the vulnerability.
- Alert the Chegg India’s expert team at contact-india@chegg.com immediately and support investigation and mitigation efforts.
- Not save, copy, store, transfer, disclose, or otherwise retain the data or personal information, except to support the Safety team’s investigation and mitigation efforts.
Requirement for Reports:
A report must describe:
- the nature and scope of the Chegg data being abused.
- proof of the abuse being reported; and
- any information that participant has about the reason or purpose for the abuse conduct.
A single report should include all instances of abusive conduct that relate to it.
Domains in Scope
- https://www.chegg.com/
- https://expert.chegg.com
- https://www.cheggindia.com
- https://experthiring.cheggindia.com
- https://epd.cheggindia.com
- https://tbs.cheggindia.com
- https://jobapp.cheggindia.com
Out-of-scope Domains
- https://owa.chegg.com
- https://hs.chegg.com
- https://s.chegg.com
- https://service.chegg.com
- https://specials.chegg.com
- https://em.chegg.com
- https://i.chegg.com
- https://t.chegg.com
- https://corpdev.chegg.com
Out-of-scope Issues
When reporting safety issues please consider (1) attack scenario/exploitability, and (2) its security impact. The following issues are considered out of scope:
- Clickjacking on pages with no sensitive actions.
- Unauthenticated/logout/login CSRF.
- Attacks requiring MITM or physical access to a user’s device.
- Previously known vulnerable libraries without a working Proof of Concept.
- Comma Separated Values (CSV) injection without demonstrating a vulnerability.
- Any activity that could lead to the disruption of our service (DoS).
Limitations
- To be eligible for a reward, a participant must not breach any applicable laws or regulations, including laws and regulations prohibiting unauthorised access to user data.
- If a participant is unsure about any actions or if they are considering conduct that is not addressed by this policy, they must contact the Chegg India’s expert team contact-india@chegg.com before proceeding.
- Violations of this policy can lead to severe actions, including suspension or revocation of Expert Account on Chegg platform and/or legal action.
Payments
- Whether a specific report merits a reward is entirely at Chegg India’s decision, based on impact, quality of the report and other factors.
- A participant who successfully finds safety issues that meet the program rules listed above and provide sufficient reports and documentation as requested by Chegg India, may be entitled to receive a reward from Chegg India.
- Chegg India reserves the right, in its sole discretion, to prospectively modify its payment rates at any time by giving written notice. By continuing to upload reports, participants agree to be bound by the modified payment rates.
- Chegg India reserves the right to void, withhold, invalidate, or reverse in whole or in part any payment in the event of the participant’s violation of these terms, suspected activity, or failure to supply required documentation that is complete and accurate.
- Reward payments to experts will be remitted by a bank transfer to the bank account available on file with Chegg India expected to be paid by 15th June 2022.
- Chegg India will not be responsible for any delay or non-payment due to a non-functional or a deactivated bank account.
- TDS (Tax Deducted at Source) will be applicable as per the prevailing income tax rules.
- Participants in this program are responsible for any tax liability associated with payment of the reward under this Program.
Submission License
Chegg India is not claiming any ownership rights to your submission. However, by providing any submission to Chegg India, you:
- grant Chegg India the following non-exclusive, irrevocable, perpetual, royalty free, worldwide, sub-licensable license to the intellectual property in your submission: (i) to use, review, assess, test, and otherwise analyse your submission; and (ii) to reproduce, modify, distribute, display, and perform publicly, and commercialize and create derivative works of your submission and all its content, in whole or in part;
- agree to sign any documentation that may be required for us or our designees to confirm the rights you granted above;
- understand that you are not guaranteed any compensation or credit for use of your submission; and
- represent and warrant that your submission is your own work, that you haven’t used information owned by another person or entity, and that you have the legal right to provide the submission to Chegg India.
Chegg India reserves the right to alter the terms and conditions of this Program, including modifying its timeline at any point of time at its sole discretion.
This Program is effective from 18th May 2022 to 27th May 2022.
Invited experts with active answering rights & are Indian nationals.
Safety issues are broadly classified as:
Abuse risk
An “abuse risk” can be defined as a product feature that can cause unexpected damage to a user or platform when leveraged in an unexpected manner. Abuse risks arise when a product doesn’t have sufficient guardrails in place to protect its features from being (mis)used in a malicious way.
For example, wrongfully being able to upload answers.
No, known issues are not rewarded. In case a reported issue is a known issue, the reporter shall be notified through an email within 2 working days.
No. You may report as many issues as you deem appropriate.
Program duration
18th May 2022 to 27th May 2022.
Important dates
Event | Timeline |
First response | 2 workdays |
Initial evaluation | 5 workdays |
Processing of qualified reports | 10 workdays |
Final decision | By 3rd June 2022 |
Severity | Reward |
Low | INR 4000 |
Medium | INR 15,000 |
High | INR 60,000 |
Critical | INR 2,25,000 |
Payments
- A participant who successfully finds safety issues that meet the Program rules (as outlined in the T&C), may be entitled to receive a reward from Chegg India.
- Reward payments to experts will be remitted by a bank transfer to the bank account available on file with Chegg India expected to be paid by 15th June 2022.
- TDS (Tax Deducted at Source) will be applicable as per the prevailing income tax rules.
- Chegg India reserves the right, in its sole discretion, to prospectively modify its payment rates at any time by giving written notice. By continuing to upload reports, participants agree to be bound by the modified payment rates.
For more details, please read through the terms and conditions.
Goal of the Program
Through this program, Chegg India aims to minimize system abuse as defined below :-
Abuse risk
An “abuse risk” can be defined as a product feature that can cause unexpected damage to a user or platform when leveraged in an unexpected manner. Abuse risks arise when a product doesn’t have sufficient guardrails in place to protect its features from being (mis)used in a malicious way.
For example, wrongfully being able to upload answers.
Participants
Invited experts with active answering rights & are Indian nationals.
Timeline of the Program
This Program is effective from 18th May 2022 to 27th May 2022.
- First response (including acknowledgment of submission of a report by a participant) will be provided within 2 workdays (Mon-Fri).
- Initial qualifying evaluation shall be completed in 5 workdays (Mon-Fri) from first response.
- Qualified reports will be processed in 10 workdays (Mon-Fri)
- Decisions on the severity and reward for the qualified reports along with final results are expected to be released by 3rd June 2022.
GENERAL TERMS
These terms of the Program must be agreed upon by participants. (“participant” or “you”).
Disclosure Policy
A participant must not disclose their findings (even resolved ones) to anyone without explicit approval from Chegg India.
Program Rules
- Safety issues that were previously known to Chegg India are not eligible for a reward payment. Chegg India will attempt to inform the participant of its prior knowledge of the safety issue within two (2) workdays (Mon-Fri).
- The Program shall be run on a first-in-first-out (FIFO) basis, so the second entry of the same issue will be treated as a known issue and therefore ineligible for rewards.
- A participant must not violate the privacy of others, disrupt our systems, destroy data, interrupt, or degrade Chegg’s services, and/or harm the user experience.
- A participant must cease testing immediately if they gain unauthorized access to Chegg data or systems.
- A participant must use his/her own account and not a third party’s account.
- Social engineering (e.g., phishing, vishing, smishing) is prohibited.
- A participant must ensure that they have specific and direct knowledge regarding the abuse/safety that they are reporting.
- A participant must not violate any applicable law or regulation, including laws prohibiting unauthorized access to information.
Submitting reports
- A participant may submit their report here: https://www.cheggindia.com/etsr-experts.
- A participant must provide detailed reports with reproducible steps.
- A participant must submit one abuse risk per report, unless they need to chain them to provide impact. A participant may Combine reports if the same or similar root cause affects multiple endpoints, subdomains, or assets. Chegg India reserves the right to determine, in its sole discretion, that multiple reports pertain to a single safety issue, and are therefore, only eligible for a single payment.
- A participant must not submit false information knowingly.
Sensitive and Personal Information
- A participant must never attempt to access anyone else’s data or personal information including by exploiting a vulnerability. Such activity is unauthorized and will immediately disqualify any report from reward eligibility and may even result in legal action.
- If during testing, a participant interacts with or otherwise obtain access to data or personal information of others, they must:
- Stop testing immediately and cease any activity that involves the data or personal information or the vulnerability.
- Alert the Chegg India’s expert team at contact-india@chegg.com immediately and support investigation and mitigation efforts.
- Not save, copy, store, transfer, disclose, or otherwise retain the data or personal information, except to support the Safety team’s investigation and mitigation efforts.
Requirement for Reports:
A report must describe:
- the nature and scope of the Chegg data being abused.
- proof of the abuse being reported; and
- any information that participant has about the reason or purpose for the abuse conduct.
A single report should include all instances of abusive conduct that relate to it.
Domains in Scope
- https://www.chegg.com/
- https://expert.chegg.com
- https://www.cheggindia.com
- https://experthiring.cheggindia.com
- https://epd.cheggindia.com
- https://tbs.cheggindia.com
- https://jobapp.cheggindia.com
Out-of-scope Domains
- https://owa.chegg.com
- https://hs.chegg.com
- https://s.chegg.com
- https://service.chegg.com
- https://specials.chegg.com
- https://em.chegg.com
- https://i.chegg.com
- https://t.chegg.com
- https://corpdev.chegg.com
Out-of-scope Issues
When reporting safety issues please consider (1) attack scenario/exploitability, and (2) its security impact. The following issues are considered out of scope:
- Clickjacking on pages with no sensitive actions.
- Unauthenticated/logout/login CSRF.
- Attacks requiring MITM or physical access to a user’s device.
- Previously known vulnerable libraries without a working Proof of Concept.
- Comma Separated Values (CSV) injection without demonstrating a vulnerability.
- Any activity that could lead to the disruption of our service (DoS).
Limitations
- To be eligible for a reward, a participant must not breach any applicable laws or regulations, including laws and regulations prohibiting unauthorised access to user data.
- If a participant is unsure about any actions or if they are considering conduct that is not addressed by this policy, they must contact the Chegg India’s expert team contact-india@chegg.com before proceeding.
- Violations of this policy can lead to severe actions, including suspension or revocation of Expert Account on Chegg platform and/or legal action.
Payments
- Whether a specific report merits a reward is entirely at Chegg India’s decision, based on impact, quality of the report and other factors.
- A participant who successfully finds safety issues that meet the program rules listed above and provide sufficient reports and documentation as requested by Chegg India, may be entitled to receive a reward from Chegg India.
- Chegg India reserves the right, in its sole discretion, to prospectively modify its payment rates at any time by giving written notice. By continuing to upload reports, participants agree to be bound by the modified payment rates.
- Chegg India reserves the right to void, withhold, invalidate, or reverse in whole or in part any payment in the event of the participant’s violation of these terms, suspected activity, or failure to supply required documentation that is complete and accurate.
- Reward payments to experts will be remitted by a bank transfer to the bank account available on file with Chegg India expected to be paid by 15th June 2022.
- Chegg India will not be responsible for any delay or non-payment due to a non-functional or a deactivated bank account.
- TDS (Tax Deducted at Source) will be applicable as per the prevailing income tax rules.
- Participants in this program are responsible for any tax liability associated with payment of the reward under this Program.
Submission License
Chegg India is not claiming any ownership rights to your submission. However, by providing any submission to Chegg India, you:
- grant Chegg India the following non-exclusive, irrevocable, perpetual, royalty free, worldwide, sub-licensable license to the intellectual property in your submission: (i) to use, review, assess, test, and otherwise analyse your submission; and (ii) to reproduce, modify, distribute, display, and perform publicly, and commercialize and create derivative works of your submission and all its content, in whole or in part;
- agree to sign any documentation that may be required for us or our designees to confirm the rights you granted above;
- understand that you are not guaranteed any compensation or credit for use of your submission; and
- represent and warrant that your submission is your own work, that you haven’t used information owned by another person or entity, and that you have the legal right to provide the submission to Chegg India.
Chegg India reserves the right to alter the terms and conditions of this Program, including modifying its timeline at any point of time at its sole discretion.
This Program is effective from 18th May 2022 to 27th May 2022.
Invited experts with active answering rights & are Indian nationals.
Safety issues are broadly classified as:
Abuse risk
An “abuse risk” can be defined as a product feature that can cause unexpected damage to a user or platform when leveraged in an unexpected manner. Abuse risks arise when a product doesn’t have sufficient guardrails in place to protect its features from being (mis)used in a malicious way.
For example, wrongfully being able to upload answers.
No, known issues are not rewarded. In case a reported issue is a known issue, the reporter shall be notified through an email within 2 working days.
No. You may report as many issues as you deem appropriate.
This Program is effective from 18th May 2022 to 27th May 2022.
Invited experts with active answering rights & are Indian nationals.
Safety issues are broadly classified as:
Abuse risk
An “abuse risk” can be defined as a product feature that can cause unexpected damage to a user or platform when leveraged in an unexpected manner. Abuse risks arise when a product doesn’t have sufficient guardrails in place to protect its features from being (mis)used in a malicious way.
For example, wrongfully being able to upload answers.
No, known issues are not rewarded. In case a reported issue is a known issue, the reporter shall be notified through an email within 2 working days.
No. You may report as many issues as you deem appropriate.