I found a security vulnerability, not traditional bugs on product because a lot of internal information could be stolen.
Is there a reward for this?
I found a security vulnerability, not traditional bugs on product because a lot of internal information could be stolen.
Is there a reward for this?
No, but can submit at Security | Bubble
I dont think reporting a VERY CRITICAL vulnerability for free is a good idea.
Hope your assets are safe before hackers come and steal them
Cheer!
Yes there is. It’s based on the type of vulnerability highlighted and whether or not it’s a real vulnerability. It’s a sliding scale reward system. We only know the reward we will receive after we report it and the fix is in place.
Go ahead and report what you found.
Thank you for your information.
Okay, I believe you. I will send my report to you for review and final conclusion.
Can I send the report via Bug Report | Bubble?
Yes, that would be correct place.
security@bubble.io is the security email but I’m sure reports made through big reports would make their way there too.
Thank you for your response.
I sent my submission this way. Please check asap!
After I submitted the report, the bug was fixed immediately and they replied that there was no reward for this submission then deleted my comments.
That is fantastic
Must have been one of those bugs that is not reward worthy…but hey, at least you got it fixed, that should be enough of a reward
It is very critical bug. You can ask your team to see my submission
FYI the people that respond to this thread don’t work for Bubble, we’re just community members
In reality, there are several vulnerabilities…
which is one reason why Bubble isn’t HIPPA compliant…or several other compliancies.
You just have to be sure your use case doesn’t expose sensitive data…
or use a platform that is compliant if your app requires that.
@senecadatabase Hello, can you tell me about them?
No.
I’m not going to advertise other platforms when I’m using a Bubble forum.
Do your research into what you need and go from there.
This topic was automatically closed after 14 days. New replies are no longer allowed.
Have you received any updates on this?