Claims and Grants

Overview

Fortworx includes a claims and grants system that allows security researchers to claim credit for their findings and receive rewards. Workspace teams can review claims, offer recognition, and issue bounty payments.

Claims

A claim represents a researcher’s request for credit on a report they submitted. Claims go through a defined lifecycle managed by both the researcher and the workspace team.

Claim Lifecycle

  1. Not Claimed (Open) — The default state when a report is created. No claim has been made.
  2. Recognized — The system has recognized the claim as belonging to a known researcher.
  3. Raised — The researcher has raised a claim requesting credit or a reward.
  4. Pending Review — The workspace team is reviewing the claim via grants.
  5. Verified (Accepted) — The claim has been accepted by the workspace.
  6. Rejected — The claim has been rejected by the workspace.
  7. Abandoned — The researcher or workspace has abandoned the claim. An abandoned claim can be re-raised.

State Transitions

  • Open → Recognized
  • Recognized → Raised
  • Raised → Pending Review, Accepted, Rejected, or Abandoned
  • Pending Review → Accepted, Rejected, or Abandoned
  • Accepted → Abandoned
  • Rejected → Abandoned
  • Abandoned → Raised (re-opened)
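
The transition list above can be checked mechanically. The following is an added example, not Fortworx's own code: it encodes the listed transitions as a table, replays a claim's recorded state history, and reports the first step the table does not allow. State names are taken from the list; the function names and sample histories are hypothetical.

```python
# Transition table copied from the "State Transitions" list on this page.
ALLOWED = {
    "Open": {"Recognized"},
    "Recognized": {"Raised"},
    "Raised": {"Pending Review", "Accepted", "Rejected", "Abandoned"},
    "Pending Review": {"Accepted", "Rejected", "Abandoned"},
    "Accepted": {"Abandoned"},
    "Rejected": {"Abandoned"},
    "Abandoned": {"Raised"},
}
INITIAL = "Open"  # default state when a report is created


def first_illegal_step(history):
    """Replay a claim's recorded states in order.

    Returns (index, previous_state, new_state) for the first step that is
    not in ALLOWED, or None when the whole history is valid.
    """
    if not history or history[0] != INITIAL:
        return (0, None, history[0] if history else None)
    for i in range(1, len(history)):
        prev, cur = history[i - 1], history[i]
        if cur not in ALLOWED.get(prev, set()):
            return (i, prev, cur)
    return None


def reachable(start):
    """All states reachable from `start` by following ALLOWED edges."""
    seen, stack = set(), [start]
    while stack:
        for nxt in ALLOWED.get(stack.pop(), ()):
            if nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return seen


if __name__ == "__main__":
    # Constructed sample history: a rejected claim flipped straight to accepted.
    tampered = ["Open", "Recognized", "Raised", "Rejected", "Accepted"]
    print(first_illegal_step(tampered))
    print(sorted(reachable("Rejected")))
```

Per the table, a rejected claim can still end up Accepted, but only by passing through Abandoned and being re-raised; a direct Rejected → Accepted step in an audit trail is not a listed transition.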

Grants

A grant is a reward offered by the workspace in response to a claim. Grants are the mechanism through which researchers receive recognition or payment.

Grant Types

  • Hall of Fame — Public recognition for the researcher’s contribution.
  • Bug Bounty — A monetary reward for finding a valid vulnerability.

Grant States

  • Raised — The grant has been created.
  • Under Review — The grant is being reviewed.
  • Approved — The grant has been approved for payment or recognition.
  • Denied — The grant has been denied.

Bounty Payments

Bug bounty grants include a reward amount and currency (default USD). Once a grant is approved, payment can be processed through Stripe Connect. Researchers set up their payout account through the researcher portal to receive payments.

Scope Eligibility

Each scope can be configured as eligible or ineligible for bounty rewards. Only reports matching a bounty-eligible scope can have bug bounty grants created for their claims.