
Detectify
External Program
Even though our services are based around finding security bugs in web applications, we are not so naive as to think that our own applications are 100% flawless. We take security issues seriously and will respond swiftly to fix verifiable security issues. If you are the first to report a verifiable security issue, we'll thank you with some cool stuff and a place on our hall of fame page.
We encourage anyone to report security issues to [email protected].
Please use this format when reporting bugs (severity as low, medium or high):
Name: %name
Bug type: %bugtype
Domain: %domain
Severity: %severity
URL: %url
PoC: %poc
CVSS (optional): %cvss
CWSS (optional): %cwss
Anyone who doesn't work for Detectify or partners of Detectify, who reports a unique security issue in scope, and who does not disclose it to a third party before we have patched and updated is eligible for a reward.
The domain detectify.com and any subdomain except for these:
If, however, you can prove that a bug under these domains has significant impact (for example fetching content on detectify.com from blog.detectify.com), a bug on these domains may qualify anyway.
Any typical web security bugs such as:
Typical "no impact" bugs such as:
So you're actually reading this? Good! First off, please don't perform research that could impact other users. Secondly, please keep the reports short and succinct. If we fail to understand the logic of your bug, we will tell you.
Detectify reserves the right to discontinue the reward program at any time without prior notice.