We really appreciate your willingness to help make Crowdfire a bug-free social media management tool.
While we don’t have an official Bug Bounty Program just yet, we’ll be happy to reward you fairly depending on the seriousness of the bug/vulnerability.
A few points you should keep in mind -
- You should report your findings directly to us, maintaining confidentiality and without making it publicly available. This gives us an opportunity to be able to make necessary fixes quickly and avoid possible further exploitation of the vulnerability/bug.
- Reported bugs or vulnerabilities must substantially affect the security of user data, authentication flaws or affect any other system or user integrity
- Please do not attempt security test conditions that may degrade or disrupt services, violate privacy, delete data or cause any similar severely impactful scenarios
- If an existing known issue or previously reported vulnerability/bug is reported, it won’t qualify for the bounty or may qualify at the discretion of the technology team at Crowdfire.
Please reach out to us via our support email firstname.lastname@example.org and share a detailed description of the bug/vulnerability you will be reporting by including steps to reproduce it accurately and also describing the potential impact of the vulnerability.
The inclusion of screenshots or screen recordings will be highly appreciated.
While we run this program in good faith, Crowdfire reserves the right to make any changes without prior notice.
The decision on bounty eligibility will be made by Crowdfire. This will be final and binding.