Supportbench Bug Bounty Program Policy

Introduction

Welcome to the Supportbench Bug Bounty Program! We recognize the valuable role that the security research community plays in keeping systems secure. This document outlines the guidelines of our program, including what is expected from researchers, what constitutes a valid submission, and the rewards we offer.

Where to Submit:

https://www.openbugbounty.org/bugbounty/supportbench/

Submission Guidelines

Acceptable Vulnerability Types

  • Cross Site Scripting (XSS)
  • Open Redirect
  • Cross Site Request Forgery (CSRF)
  • Improper Access Control

General Requirements for Submissions

  • Submissions must include a proof of concept (PoC) and the CVSS (Common Vulnerability Scoring System) score.
  • Attach clear and concise screenshots illustrating the vulnerability.
  • Provide brief guidelines or recommendations for remediation of the identified issue.

Testing Requirements

  • Do not use automated scanning tools which may impact system performance or integrity.
  • Do not conduct testing during weekdays to avoid any potential disruption of services.
  • Social engineering and physical attacks are strictly out of bounds.

Rewards & Recognition

  • Small rewards will be offered for new, non-critical vulnerabilities.
  • Public recognition will be given if a critical vulnerability is found, including mentions in our Hall of Fame.

Special Notes

  • Confidentiality is paramount; researchers must not disclose or discuss any found vulnerabilities outside of the Supportbench submission process. Failure to adhere to this will disqualify the submission from any reward.

Reporting a Vulnerability

  • Please report all vulnerabilities through our designated reporting channel. Provide all necessary details to allow our security team to validate the issue.

Legal Aspects

  • By participating in the program, researchers agree to avoid privacy violations, destruction of data, and interruption or degradation of our service. Supportbench reserves the right to take legal action against individuals who conduct non-compliant testing.

Program Updates

  • Supportbench may update the Bug Bounty Program policy at any time. Researchers are encouraged to review these guidelines regularly to ensure compliance.

 
