
Author Topic: Buffer Bug Bounty  (Read 384 times)

Angelina

Buffer Bug Bounty
« on: June 09, 2023, 06:43:42 PM »
submit bug report: https://buffer.com/legal#security

Reporting an issue
We know how much work goes into pen testing! To avoid frustration, you can check out these common non-vulnerabilities that don't qualify for rewards.

Also, the following subdomains are excluded from the scope of our reward program:

  • jobs.buffer.com
  • journey.buffer.com

Got a valid issue? Awesome! Please include:

  • A summary of the problem
  • A severity rating of 1 - 5 (1 being least severe, 5 being most, i.e. you can easily hijack, impersonate or access any other account or data)
  • A PoC or breakdown of how to replicate the issue
  • The operating system name and version as well as the web browser's name and version that you used to replicate the issue

Please email any issue you'd like to report to [email protected]

GPG Encryption
If you plan to provide access tokens, secure cookies or sensitive data/logs as an example, we kindly ask you to let us know and we will provide our GPG public key to you.

Rewards
We're eternally grateful for all of those who put in hard work to identify weaknesses within Buffer. For reports that are not common non-vulnerabilities, we like to reward those who responsibly disclose vulnerabilities with an acknowledgement, swag or bounty money.