AuditBase Bug Bounty Program

Get rewarded for securing the AuditBase web platform.

About Our Program

At AuditBase, we prioritize the security of our platform and our users' data. To strengthen our systems and ensure a secure experience, we invite security researchers, ethical hackers, and bug hunters to participate in our Bug Bounty Program. By reporting vulnerabilities in our services, you can help us maintain a secure environment and earn rewards for your efforts.

Program Overview

Our Bug Bounty Program encourages responsible disclosure of security vulnerabilities found on auditbase.com. We offer rewards ranging from $100 to $1,000 based on the severity and eligibility of the reported findings. We value the contributions of the security community and are committed to working with you to resolve issues promptly.

Reward Structure

Rewards are determined based on the severity of the vulnerability, its potential impact, and the quality of the report.

Below is our reward range:
- Low Severity: $100
- Medium Severity: $250
- High Severity: $500
- Critical Severity: $1,000
Note: Reward amounts are subject to our discretion and the eligibility criteria outlined below.

Eligible Vulnerabilities

We are interested in vulnerabilities that impact the confidentiality, integrity, or availability of our systems.

Examples include:
- Cross-Site Scripting (XSS)
- SQL Injection
- Authentication or Authorization Flaws
- Remote Code Execution (RCE)
- Sensitive Data Exposure
- Cross-Site Request Forgery (CSRF)
- Server-Side Request Forgery (SSRF)

Out-of-Scope Vulnerabilities

The following issues are not eligible for rewards:

- Theoretical vulnerabilities without proof of exploitability
- Social engineering attacks (e.g., phishing, vishing)
- Denial-of-Service (DoS) or Distributed Denial-of-Service (DDoS) attacks
- Issues requiring physical access to a device
- Vulnerabilities in third-party services not directly controlled by AuditBase
- Missing security headers or best practices without demonstrable impact
- Self-XSS or issues requiring user interaction
- Reports from automated tools without manual validation

Program Rules

To participate in the AuditBase Bug Bounty Program, please adhere to the following guidelines:

1) Responsible Disclosure: Do not disclose vulnerabilities publicly until they have been resolved and approved by AuditBase.
2) No Harmful Testing: Avoid tests that could disrupt our services, degrade performance, or harm user data.
3) Provide Detailed Reports: Include clear steps to reproduce the issue, impact assessment, and any supporting evidence (e.g., screenshots, videos, or logs).
4) One Vulnerability per Report: Submit each vulnerability separately to ensure accurate evaluation.
5) Eligibility: You must not be located in a country subject to U.S. sanctions or other restricted jurisdictions.
6) Legal Compliance: Your testing must comply with all applicable laws and regulations.

How to Submit a Report

To submit a vulnerability, please send an email to security@auditbase.com with the following details:
1) A clear description of the vulnerability
2) Steps to reproduce the issue
3) Affected domain (e.g., auditbase.com or subdomains)
4) Your assessment of the vulnerability's impact
5) Any supporting materials (e.g., screenshots, PoC code, videos)
6) Your contact information for follow-up

Evaluation Process

1) Submission Review: Our security team will review your report and may reach out for clarification or additional details.
2) Validation: We will validate the vulnerability and assess its severity.
3) Resolution: If the vulnerability is eligible, we will work to resolve it and determine the reward amount.
4) Reward Payment: Rewards will be paid via a secure method (e.g., PayPal or bank transfer) after the issue is resolved.

Timeline

1) Acknowledgment: We will acknowledge receipt of your report within 3 business days.
2) Initial Response: We aim to provide an initial response within 7 business days.
3) Resolution: The time to resolve a vulnerability varies depending on its complexity, but we strive to address critical issues promptly.

Contact Us

For questions about the Bug Bounty Program or to submit a vulnerability, please email security@auditbase.com. Thank you for helping us make AuditBase a safer platform for everyone!

Disclaimer: AuditBase reserves the right to modify or terminate this program at any time. All reward decisions are final and at our discretion.
