Short.cm has launched a program to search for vulnerabilities and bugs. The program will help to make our service safer, better and more functional, as well as the participants pleased with rewards.
We believe that we can become even better, so we are happy to announce the launch of the bug bounty program!
The description of the program
The bug must meet some requirements to participate in the bug bounty program:
- Give access to other people's private data.
- Allow you to take actions on behalf of other customers.
- Seriously affect service stability.
An example of a valid security issue: Under some conditions, I can see the full link list of another person.
An example of an invalid issue: If a user leaves his laptop unattended, I can change his password on Short.cm.
When you notice an appropriate bug, you must send a report through email or chat support. The report has to contain:
- A detailed description of the found vulnerability.
- A detailed description of the steps to reproduce the discovered bug or a working confirmation of its presence (Proof-of-Concept).
After that, we study and evaluate the information you sent. We'll inform you about the results as soon as possible.
You can tell us about any types of bugs. We will always find time and resources to review them and thank you for your searches.