Dropsuite Bug Bounty Program
Dropsuite is committed to keeping our customers’ data and systems secure. We reward responsible disclosures of vulnerabilities according to our Bug Bounty Program. Our Bug Bounty Program is open to the public. To avoid any misunderstandings, we assume that you have read and understood these guidelines if you participate in our program.
To be eligible for the Program, you must not:
- Be in violation of any national, state, or local law. Your testing must not violate any law or disrupt or compromise any data that is not your own.
- Be an employee of Dropsuite or its partners.
- Be an immediate family member of a Dropsuite employee (or was in the six months before your submission).
- Be less than 18 years of age.
You must be reporting in an individual capacity. Dropsuite maintains the sole discretion to determine eligibility. If we determine that your Submission is eligible and offer an award, we will notify you of the amount and provide you with paperwork that must be completed before we can provide the award payment.
- Cross-site scripting
- Cross-site request forgery
- Mixed-content scripts
- SQL Injections
- Authentication or authorization flaws
- Server-side code execution
- Remote code executions
- Issues found through automated testing
- Denial of Service attacks
- Brute Force attacks
- Spam or Social Engineering techniques
- SPF, DKIM, and DMARC issues
- Content injection
- Hyperlink injection in emails
- Content Spoofing
- Full-Path Disclosure
- Clickjacking with no sensitive actions
- Strict Transport Security (HSTS)
- XSS mitigation headers (X-Content-Type and X-XSS-Protection)
- Open ports without a vulnerability
- Bugs that do not represent any security risk
- Security bugs in third-party applications
- Bugs requiring exceedingly unlikely user interactions
Please submit your Report via email to email@example.com. In your Report, please include the following information:
- Vulnerability type (buffer overflow, integer overflow, …)
- Issue impact (arbitrary code execution, information disclosure, …)
- Affected product and version
- Instructions to reproduce the issue
- A proof-of-concept (PoC)
- Low Severity Bugs: SGD 50 and up
- Medium Severity Bugs: SGD 100 and up
- High Severity Bugs: SGD 250 and up
- Critical Severity Bugs: SGD 500 and up