As a company, we believe in collaborating with ethical hacking practitioners and security testers to make our product technologically sound and free from vulnerabilities. In 2022, the global market size of bug bounty platforms was worth USD 1130.74 million. And this number is likely to reach USD 2732.57 million by 2028, growing at a CAGR of 15.84%. Aligning our systems with the trends of the hour, we have launched the Docsie Bug Bounty program so that you can help us spot the flaws and fix them. The bug bounty program will consider the vulnerability types along with the vulnerability remediation and offer security researchers rewards for keeping our product secure. With your help, we can make Docsie security more robust and stronger!
Docsie Bug Bounty Program¶
To err is human, to forgive divine! And to find the errors and fix them is what Docsie aims for!
Docsie security is hard to fight against but with the constant emergence of complex technology, we do realize the importance of spotting high-risk vulnerabilities. Therefore, this program is an official call to all ethical hacking practitioners and vulnerability remediation specialists to come and join us in the journey of recognising the vulnerability types that still exist in our systems and products. If you wish to participate in this bug bounty program, make sure that you go through and understand our terms and conditions.
General and Testing Requirements¶
Docsie values security and considers it a result of a successful collaboration between the company and the expert community of security researchers. Through the Docsie bug bounty program, we aim to make our technological products more secure by diminishing all vulnerability types. As a staunch supporter of ethical hacking, we encourage all participants to adhere to the following requirements so that we can consider their vulnerability remediation for the security researchers reward.
| STEPS | REQUIREMENTS |
|---|---|
| #1 | Share your submissions with us along with a CVSS score and a working Proof of Concept (POC). This will help us to understand the impact and importance of the issue within the framework of Docsie security. |
| #2 | As you spot vulnerability/vulnerabilities in our systems, take clear screenshots of the same to explain the matter in a concise form. |
| #3 | List down your unique remediation suggestions and guidelines, addressing the concerned issue. |
| #4 | Make sure that your submission is unique, non plagiarized and aligns with the vulnerabilities of the bug bounty program. |
Guidelines for testing requirements¶
The safety and convenience of our users is of utmost importance at Docsie. So, as a participant in our bug bounty program, kindly make sure that you adhere to the following conditions.
Do not use scanners for testing vulnerability types. To be eligible for the security researchers reward, refrain from using automated scans since they can potentially harm our services.
Conduct your tests on Docsie security only on https://app.docsie.io URLs. Our official URLs are an integral part of our overall infrastructure.
Avoid conducting testing efforts during the weekends. Even if you follow ethical hacking best practices, tests during the weekends can alter the stability of our services, making it difficult for our users.
Kindly ensure that all your testing efforts are free from social engineering attacks. Follow the guidelines of the submission review process and do not perform any tasks related to baiting, phishing, tailgating or pretexting.
Things to Keep in Mind¶
According to the Open Bug Bounty rules, vulnerabilities related to the following mentioned areas will not include intrusive testing under the Docsie bug bounty program:
-
Cross-Site Request Forgery (CSRF)
-
Cross-Site Scripting (XSS)
-
Improper Access Control
-
Open Redirect
As much as we are interested in spotting vulnerability types and recognising the value of vulnerability remediation through ethical hacking, we do not permit any intrusive testing that might probe into our systems, processes or products. The bug bounty program is aimed at the detection and reporting of vulnerabilities without the usage of third-party vulnerability scanners or automated tools. Docsie security values system stability and regulatory compliance and therefore, we will not be offering the security researchers reward for any vulnerabilities that might pose threats to our website, its infrastructure or data.
Incentives and rewards¶
At Docsie, we value the dedication, hard work and sincerity of everyone who participates in the Docsie bug bounty program to address the vulnerability types hiding in our products. So, upon successful verification and vulnerability remediation, Docsie will be offering cash-based rewards with the award amount ranging from $25 to $500, depending on the seriousness and impact of the issue spotted. Please note that under all circumstances, we will offer the security researcher's reward only if the participants follow the best practices of ethical hackingand adhere to the terms and conditions of this endeavor.
Final Words¶
Docsie follows a zero-tolerance policy for unlawful activities in its bug bounty program. Our aim is to strengthen Docsie security by offering effective vulnerability remediation. Therefore, we encourage all our participants to be respectful and polite while ensuring high standards of security testing. We will accept only those submissions that are performed in good faith and will offer the security researchers reward's after thoroughly reviewing all submissions. So, what are you waiting for? Participate in the Docsie bug bounty program today and help us build products and systems that are safe and secure. Your experience, expertise and vigilance will help us ensure a better, safer technology for all users.