Security Bounty

BlueSnap Security Bounty Program

BlueSnap works vigilantly to help keep our customers’ data secure. We recognize the important role that security researchers and our user community play towards that goal, and for that, we created a bounty program.

If you believe you have found a security vulnerability on BlueSnap, we encourage you to let us know right away via the email address below. We will investigate all legitimate reports and do our best to quickly mitigate the vulnerability.

E-mail us at [email protected]

We determine bounty eligibility at our sole discretion based on a variety of factors, including (but not limited to) impact, risk, data exposure, ease of exploitation, and quality of the report. Our bounty awards vary by the classification of the issue. We typically pay:

In the event of duplicate reports, we award a bounty to the first person to submit an issue meeting the eligibility requirements. Note that vulnerabilities reported in 3rd party systems/services are not eligible under our bug bounty program although we encourage you to report them.

Rules

Rules For You:

Rules for Us:

Scope

The following sites and applications are in scope for the bounty program:

We reserve the right to modify or terminate this program and will publish notices to that effect on our website.