VibeGuard Bug Bounty Program
Help us keep VibeGuard secure. We welcome responsible security researchers to identify vulnerabilities and earn rewards for valid findings that improve our platform's security.
Program Overview
Our bug bounty program rewards security researchers for finding and responsibly disclosing vulnerabilities in VibeGuard's systems and applications.
Rewards up to $10,000
Competitive bounties based on vulnerability severity and impact. Critical findings can earn up to $10,000 in rewards.
Responsible Disclosure
We work closely with researchers following responsible disclosure practices. Your findings help improve security for everyone.
Recognition & Credits
Get public recognition on our security hall of fame and in our quarterly security reports (with your permission).
Bounty Structure
Rewards are determined by severity, impact, and exploitability of the vulnerability
Severity | Description | Bounty Range | Examples |
---|---|---|---|
Critical | Remote code execution, complete system compromise, or unauthorized access to sensitive customer data | $5,000 - $10,000 | RCE, SQL injection, Authentication bypass |
High | Significant security impact with potential for data breach or service disruption | $1,000 - $5,000 | XSS with admin impact, Privilege escalation |
Medium | Moderate security impact that could lead to information disclosure or service degradation | $250 - $1,000 | CSRF, Information disclosure, DoS |
Low | Minor security issues with limited impact or exploitability | $50 - $250 | Information leakage, Rate limiting bypass |
Program Scope
What's included and excluded in our bug bounty program
✅ In Scope
Web Applications
- https://app.vibeguard.com
- https://vibeguard.com
- https://api.vibeguard.com
- https://docs.vibeguard.com
Mobile Applications
- VibeGuard iOS app
- VibeGuard Android app
APIs & Integrations
- REST APIs
- GraphQL endpoints
- Webhook handlers
- OAuth implementations
❌ Out of Scope
Infrastructure
- Load balancers and CDN
- Third-party services
- Physical security
- Social engineering attacks
Non-Security Issues
- Business logic flaws
- UI/UX issues
- Performance issues
- Feature requests
Low Impact Issues
- Missing security headers (unless exploitable)
- Self-XSS without impact
- Clickjacking on non-sensitive pages
- Outdated software versions without exploits
Rules & Guidelines
Please follow these guidelines to ensure a smooth and productive research process
🎯 Research Guidelines
- Test only on your own accounts and data
- Do not access or modify other users' data
- Avoid automated scanning that could impact service
- Do not perform denial of service attacks
- Report findings through our secure disclosure process
- Provide detailed reproduction steps
- Allow reasonable time for remediation before disclosure
- Act in good faith and respect our users' privacy
📝 Submission Requirements
Required Information
- Detailed vulnerability description
- Step-by-step reproduction instructions
- Proof of concept (screenshots, videos, code)
- Impact assessment and potential exploits
- Affected URLs, parameters, or endpoints
Submission Process
- Email: [email protected]
- Use PGP encryption for sensitive reports
- Include "Bug Bounty" in the subject line
- Expect acknowledgment within 24 hours
- Regular updates every 5 business days
Security Hall of Fame
Recognizing security researchers who have helped improve VibeGuard's security
Alex Chen
Critical SQLi vulnerability
Maria Rodriguez
Authentication bypass
James Wilson
XSS with data access
Sarah Kim
API privilege escalation
Ready to Report a Vulnerability?
Help us improve VibeGuard's security and earn rewards for your responsible disclosure
[email protected] • PGP Key Available • Response within 24 hours