Details

We understand the hard work that goes into security research. To show our appreciation for researchers who help us keep our users safe, we operate a recognition and reward program for responsibly disclosed vulnerabilities. Blinksale rewards the confidential disclosure of any design or implementation issue that could be used to compromise the confidentiality or integrity of our users' data (such as by bypassing our login process, injecting code into another user's session, or instigating action on another user's behalf). Recognition in the Blinksale Security Hall of Fame may be provided for the disclosure of qualifying bugs. At our discretion, we may occasionally provide a nominal cash reward based on the creativity or severity of the bugs.

As with most security recognition and reward programs, we ask that you use common sense when looking for security bugs.

Vulnerabilities must be disclosed to us privately with reasonable time to respond.
Only vulnerabilities submitted to bugcrowd.com/blinksale are eligible for the recognition and reward program. Vulnerabilities reported via social media and/or support forms and forums are not eligible.
Researchers must avoid compromise of user accounts and loss of funds.
Researchers must properly identify any user accounts created for the purpose of security research by using the phrase "BugCrowd" in the company name or other user-input field.
We do not reward denial of service, spam, or social engineering vulnerabilities.
Although Blinksale itself and all services offered by Blinksale are eligible, vulnerabilities in third-party applications that use Blinksale are not.
Your report must include a Proof of Concept in the form of running code, screenshots or screen recording demonstrating the vulnerability

And finally, as with most security recognition and reward programs, there are restrictions. We will only recognize the first person to responsibly disclose a bug to us. Any bugs that are publicly disclosed without providing us a reasonable time to respond will not be recognized. Whether to recognize or reward the disclosure of a bug and the timing and amount of the recognition or reward is entirely at our discretion, and we may cancel the program at any time. Your testing must not violate any laws. We can’t provide you a reward if it would be illegal for us to do so, such as to residents of countries under current U.S. sanctions (e.g. North Korea, Libya, Cuba, etc.).

Thank you for helping keep Blinksale, our users, and their customers safe!

See reporting details at: https://bugcrowd.com/blinksale.