What do you need help with?

We are here and ready to help.

Supportbench Bug Bounty Program Policy

Introduction

Welcome to the Supportbench Bug Bounty Program! We recognize the valuable role that the security research community plays in keeping systems secure. This document outlines the guidelines of our program, including what is expected from researchers, what constitutes a valid submission, and the rewards we offer.

Where to Submit:

https://www.openbugbounty.org/bugbounty/supportbench/

Submission Guidelines

  • Acceptable Vulnerability Types
  • Cross Site Scripting (XSS)
  • Open Redirect
  • Cross Site Request Forgery (CSRF)
  • Improper Access Control

General Requirements for Submissions

  • Submissions must include a proof of concept (PoC) and the CVSS (Common Vulnerability Scoring System) score.
  • Attach clear and concise screenshots illustrating the vulnerability.
  • Provide brief guidelines or recommendations for remediation of the identified issue.

Testing Requirements

  • Do not use automated scanning tools which may impact system performance or integrity.
  • Do not conduct testing during weekdays to avoid any potential disruption of services.
  • Social engineering and physical attacks are strictly out of bounds.

Rewards & Recognition

  • Small rewards will be offered for new, non-critical vulnerabilities.
  • Public recognition will be given if a critical vulnerability is found, including mentions in our Hall of Fame.

Special Notes

  • Confidentiality is paramount; researchers must not disclose or discuss any found vulnerabilities outside of the Supportbench submission process. Failure to adhere to this will disqualify the submission from any reward.

Reporting a Vulnerability

  • Please report all vulnerabilities through our designated reporting channel. Provide all necessary details to allow our security team to validate the issue.

Legal Aspects

  • By participating in the program, researchers agree to avoid privacy violations, destruction of data, and interruption or degradation of our service. Supportbench reserves the right to take legal action against individuals who conduct non-compliant testing.

Program Updates

  • Supportbench may update the Bug Bounty Program policy at any time. Researchers are encouraged to review these guidelines regularly to ensure compliance.

 

Facebook Share Tweet

Was this article helpfu?

Yes No

Thank you for voting

×
Select company

You are related to multiple companies. Please select the company you wish to login as.