follow us on twitter . like us on facebook . follow us on instagram . subscribe to our youtube channel . announcements on telegram channel



« previous next »
Pages: [1]

Author Topic: Bugify Bug Bounty  (Read 14467 times)

Angelina

  • Moderator
  • Experienced Member
  • *****
  • Posts: 357
    • View Profile
Bugify Bug Bounty
« on: July 15, 2023, 10:03:07 am »
submit bug report: http://bugify.com

Responsible Disclosure
Security issues within our product offerings take a very high priority. We want to work with you to understand the scope of the vulnerability and ensure that we correct the problem fully.
In pursuit of the best possible security for our service, we welcome responsible disclosure of any vulnerability you find in Bugify. Principles of responsible disclosure include, but are not limited to:
Accessing or exposing only customer data that is your own.
Avoiding destroying or corrupting, or attempting to destroy or corrupt, data or information that does not belong to you.
Avoiding scanning techniques that are likely to cause degradation of service to other customers (e.g. by overloading the servers).
Keeping within the guidelines of our Terms Of Service.
Keeping details of vulnerabilities confidential until we have been notified and had a reasonable amount of time to fix the vulnerability, and further time to allow our customers a reasonable amount of time to upgrade.
In order to be eligible for a bounty, your submission must be accepted as valid by Bugify. We use the following guidelines to determine the validity of requests and the reward compensation offered:
Reproducibility - Our engineers must be able to reproduce the security flaw from your report. Reports that are too vague or unclear are not eligible for a reward. Reports that include clearly written explanations and working code are more likely to garner rewards.
Severity - More severe bugs will be met with greater rewards. We are most interested in vulnerabilities with the Bugify web app and bugify.com. Rewards are offered at our discretion.
Excluded
support.bugify.com is a third-party service and is specifically excluded from the program.
Rewards
Only 1 bounty will be awarded per vulnerability.
If we receive multiple reports for the same vulnerability, only the person offering the first clear report will receive a reward.
We maintain flexibility with our reward system, and have no minimum/maximum amount; rewards are based on severity, impact, and report quality.
Process
Contact us via the email address security@bugify.com with a detailed report of the potential vulnerability. This email should include as much of the following as possible:
Type of vulnerability.
Whether the information has been published or shared with others.
Affected products/websites and versions.
Affected configurations if applicable.
Step-by-step instructions/proof-of-concept codes to replicate the issue.
Once submitted, we will acknowledge that we have received your report with a non-automated reply within 7 days and provide an outline response plan where applicable.
We will then review the information and work to validate the reported vulnerability. In the event that a true vulnerability is discovered we will complete the investigation and notify the reporter. Where appropriate the reporter will receive results of the vulnerability findings, a plan for resolution and plans for public disclosure.
Policy: https://bugify.com/security
Logged
Pages: [1]
« previous next »