
Non-Negotiables at Com Olho

  • Writer: Jahanvi Sachdeva
  • 2 days ago

Com Olho exists to enable responsible, ethical, and effective vulnerability disclosure. To make that possible, we operate with clear boundaries. These are not suggestions. They are not flexible. They are the non-negotiables every security researcher must understand before engaging with the platform.

If any of these feel restrictive, Com Olho may not be the right place for you, and that’s okay.

Agreeing to the Terms Is Mandatory

Using Com Olho means you’ve read, understood, and agreed to the platform’s Terms of Use. There is no partial acceptance and no workaround. If you disagree with any clause, you should not create an account or submit reports.

Once accepted, the Terms remain binding unless explicitly withdrawn in writing.

Eligibility Is Not Optional

Com Olho is only available to security researchers who:

  1. Are legally eligible to participate

  2. Are at least 18 years old

  3. Can lawfully and ethically perform security testing

Accounts found to be in violation of eligibility requirements may be suspended or terminated without notice.

Scope Is Absolute

Every program on Com Olho defines what is in scope and what is out of scope. Testing anything outside the defined scope is a violation — regardless of intent.

“Just checking” or “accidental testing” is not an excuse.

Out-of-scope testing can result in:

  1. Report rejection

  2. Loss of rewards

  3. Account suspension

Always confirm scope before testing. Always.


Confidentiality Is Required

All vulnerabilities discovered through Com Olho must remain confidential until disclosure is explicitly authorized.

This means:

  1. No public write-ups

  2. No social media posts

  3. No sharing with third parties

Responsible disclosure protects organizations, users, and researchers. Breaking confidentiality breaks trust — and trust is foundational.

Reports Must Be Timely and Complete

Vulnerabilities must be reported promptly and through the platform. A valid report includes:

  1. Clear reproduction steps

  2. Evidence of impact

  3. Accurate technical details

Low-effort, vague, or incomplete reports slow remediation and will not be rewarded.

Finding a bug is only half the work. Reporting it properly is the rest.

No Harmful or Malicious Behavior

Com Olho does not tolerate activity that:

  1. Disrupts services

  2. Degrades system performance

  3. Simulates real-world attacks without permission

This includes (but is not limited to):

  1. Denial-of-Service attacks

  2. Data destruction or manipulation

  3. Social engineering

Ethical testing is about identifying risk — not creating it.

Platform Decisions Are Final

Reward amounts, report status, and program outcomes are determined by Com Olho and participating organizations. Decisions are based on severity, impact, and report quality.

Negotiation, pressure tactics, or repeated disputes will not change outcomes.

Use the Platform as Intended

All communication, reporting, and resolution must happen through Com Olho’s official workflows. Side channels, private outreach, or attempts to bypass processes undermine fairness and security.

If something is unclear, the Platform FAQs exist to clarify — not to be ignored.

Why These Rules Exist

These non-negotiables are not barriers. They are safeguards.

They exist to:

  • Protect ethical hackers

  • Enable efficient remediation

  • Maintain trust with organizations

  • Ensure fairness across the platform

Security work demands discipline. Com Olho expects it.

Final Word

If you’re here to test responsibly, report accurately, and contribute meaningfully to security — you’re in the right place. If you’re looking for shortcuts, exceptions, or loopholes — Com Olho is not for you. And that’s non-negotiable.



 
 
 
