What do you need help with?

Popular Suggestions
Privacy Policy
Supportbench Partner Program Terms and Conditions
GDPR
Data Protection Policy (DPA)
Terms of use

Supportbench Bug Bounty Program Policy

Supportbench knowledgebase team

28-Feb-2024

Introduction

Welcome to the Supportbench Bug Bounty Program! We recognize the valuable role that the security research community plays in keeping systems secure. This document outlines the guidelines of our program, including what is expected from researchers, what constitutes a valid submission, and the rewards we offer.

Where to Submit:

https://www.openbugbounty.org/bugbounty/supportbench/

Submission Guidelines

Acceptable Vulnerability Types
Cross Site Scripting (XSS)
Open Redirect
Cross Site Request Forgery (CSRF)
Improper Access Control

General Requirements for Submissions

Submissions must include a proof of concept (PoC) and the CVSS (Common Vulnerability Scoring System) score.
Attach clear and concise screenshots illustrating the vulnerability.
Provide brief guidelines or recommendations for remediation of the identified issue.

Testing Requirements

Do not use automated scanning tools which may impact system performance or integrity.
Do not conduct testing during weekdays to avoid any potential disruption of services.
Social engineering and physical attacks are strictly out of bounds.

Rewards & Recognition

Small rewards will be offered for new, non-critical vulnerabilities.
Public recognition will be given if a critical vulnerability is found, including mentions in our Hall of Fame.

Special Notes

Confidentiality is paramount; researchers must not disclose or discuss any found vulnerabilities outside of the Supportbench submission process. Failure to adhere to this will disqualify the submission from any reward.

Reporting a Vulnerability

Please report all vulnerabilities through our designated reporting channel. Provide all necessary details to allow our security team to validate the issue.

Legal Aspects

By participating in the program, researchers agree to avoid privacy violations, destruction of data, and interruption or degradation of our service. Supportbench reserves the right to take legal action against individuals who conduct non-compliant testing.

Program Updates

Supportbench may update the Bug Bounty Program policy at any time. Researchers are encouraged to review these guidelines regularly to ensure compliance.