Cloudways

  • $50 – $4,000 per vulnerability
  • Partial safe harbor

Program stats

  • Vulnerabilities rewarded 37
  • Validation within 5 days 75% of submissions are accepted or rejected within 5 days
  • Average payout $293.33 within the last 3 months

Latest hall of famers

Recently joined this program

Disclosure

Please note: This program does not allow disclosure. You may not release information about vulnerabilities found in this program to the public.

Cloudways is a managed web hosting platform that specializes in providing an easy-to-manage environment for web applications.

The idea behind offering bounty for bugs is to tap into the expertise of the InfoSec community and discover the gaps in the Cloudways Platform’s security. The emphasis is on offering a secure user experience to our customers and to ensure that the Cloudways Platform remains the most secure managed hosting option for our users.


Ratings & Rewards:

At its core, this program adheres to the standard BugCrowd Vulnerability Taxonomy Rating (VRT), and initial bug priorities (and thus, the rewards) will be decided on the basis of VRT. However, in some cases the Bug priority can be revised (with consequent impact on the rewards) because of the likelihood of occurrence and impact on the below-mentioned Cloudways Targets. We reserve the right to change the priority and associated rewards of a vulnerability after assessing its impact.

Vulnerabilities that lie in “Non-Rewarded” section will only be rewarded Kudos points. These vulnerabilities are listed in the section below.

Non-rewarded findings:

Cross-Site Scripting (XSS)

Please be aware that Cloudways may take up to three weeks to accept any given submission and allocate the reward. No rewards should take longer than three weeks to process.


Scope and rewards

Program rules

This program follows Bugcrowd’s standard disclosure terms.

For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please email support@bugcrowd.com. We will address your issue as soon as possible.

This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.