Bug Bounty Program
Security Exploit Bounty Program - $5 to $25 depending on the severity
We, at Stackby take security of user data and communication very seriously. In order to maintain the best security for our service, we welcome responsible disclosure of any vulnerability you find in Stackby. Principles of responsible disclosure include, but are not limited to:
In order to be eligible for the bounty, your submission must be accepted to be valid by Stackby. We use the guidelines below to determine validity of the requests and reward the compensation.
Our engineers must be able to reproduce the security flaw from your disclosure report. Any report that is too vague or unclear are not eligible for a reward. Well written disclosure report, with images, video links, proper descriptions and working code are most likely to get rewards.
More severe the bugs, greater the rewards upto $25/reward. We're most interested in vulnerabilities with our web version of www.stackby.com. Other subdomains related to the stackby.com are not eligible for the rewards, unless it affects our main app version of www.stackby.com and it's underlying customer data. Please make sure the vulnerabilities are global, and not only for a particular user that it affects. It won't qualify for rewards unless it's not global.
Access to Staging
In order to find security vulnerabilities, please sign up on our staging server - stage9.stackby.com and confirm with us your email that you’ve signed up at firstname.lastname@example.org. Do not use our main server - www.stackby.com to find security vulnerabilities.
Examples of Qualifying Vulnerabilities
Examples of Non-Qualifying Vulnerabilities
To receive a reward, you must reside in a country, not on sanctions lists (e.g., Cuba, Iran, North Korea, Sudan & Syria). This is a discretionary program and Stackby reserves the right to cancel the program; the decision whether or not to pay a reward is at our discretion. Note that we will only give out rewards via PayPal.
PLEASE SUBMIT THE VULNERABILITY BELOW