BlueSnap Security Bounty Program

 

BlueSnap Security Bounty Program

BlueSnap works vigilantly to help keep our customers’ data secure. We recognize the important role that security researchers and our user community play towards that goal, and for that, we created a bounty program.

If you believe you have found a security vulnerability on BlueSnap, we encourage you to let us know right away via the email address below. We will investigate all legitimate reports and do our best to quickly mitigate the vulnerability.

E-mail us at bounty@bluesnap.com

Valid submissions will be awarded $100. We determine bounty eligibility at our sole discretion based on a variety of factors, including (but not limited to) impact, ease of exploitation, and quality of the report.

In the event of duplicate reports, we award a bounty to the first person to submit an issue meeting the eligibility requirements. Note that vulnerabilities reported in 3rd party systems/services are not eligible under our bug bounty program although we encourage you to report them.

Rules

Rules For You:

  • Don’t maliciously attempt to leverage the reported vulnerability
  • Don’t perform any attack that could harm the reliability/integrity of our services or data
  • Don’t publicly disclose a security vulnerability before it has been fixed
  • You cannot be a BlueSnap employee or a contractor employed by BlueSnap

Rules for Us:

  • We will respond as quickly as possible to your submission
  • We will pay the eligible bounty upon validation of the vulnerability by our security team
  • We will keep you updated as we work to mitigate the vulnerability you submitted

 

We reserve the right to modify or terminate this program and will publish notices to that effect on our website.