


Author Topic: Bluesnap Bug Bounty  (Read 13171 times)

Angelina

Bluesnap Bug Bounty
« on: June 09, 2023, 06:40:46 pm »
Submit bug report: https://www.bluesnap.com/legal/security-bounty/

BlueSnap Security Bounty Program
BlueSnap works vigilantly to help keep our customers’ data secure. We recognize the important role that security researchers and our user community play towards that goal, and for that, we created a bounty program.

If you believe you have found a security vulnerability on BlueSnap, we encourage you to let us know right away via the email address below. We will investigate all legitimate reports and do our best to quickly mitigate the vulnerability.

E-mail us at bounty@bluesnap.com

We determine bounty eligibility at our sole discretion based on a variety of factors, including (but not limited to) impact, risk, data exposure, ease of exploitation, and quality of the report. Our bounty awards vary by the classification of the issue. We typically pay:

  • No award for Low Severity issues
  • $100 for Medium
  • $250 for High
  • $500+ for Critical

In the event of duplicate reports, we award a bounty to the first person to submit an issue meeting the eligibility requirements. Note that vulnerabilities reported in 3rd party systems/services are not eligible under our bug bounty program although we encourage you to report them.

Rules
Rules For You:

  • Don’t maliciously attempt to leverage the reported vulnerability
  • Don’t perform any attack that could harm the reliability/integrity of our services or data
  • Don’t publicly disclose a security vulnerability before it has been fixed
  • You cannot be a BlueSnap employee or a contractor employed by BlueSnap

Rules for Us:

  • We will respond as quickly as possible to your submission
  • We will pay the eligible bounty upon validation of the vulnerability by our security team
  • We will keep you updated as we work to mitigate the vulnerability you submitted

Scope
The following sites and applications are in scope for the bounty program:

  • bluesnapvtldev.wpengine.com or www.bluesnap.com – Corporate website
  • https://sandbox.bluesnap.com/jsp/developer_login.jsp – Payments Services. You can create a BlueSnap test account using this link: https://sandbox.bluesnap.com/jsp/onboarding/
  • https://app.armatic.com/signin/ – Accounts Receivable Services. You can click on “signup” to create an account
  • https://support.bluesnap.com/docs/mobile-app – BlueSnap’s mobile APP. You need a BlueSnap account to download the APP to the mobile device and activate

We reserve the right to modify or terminate this program and will publish notices to that effect on our website.