Segment

  • $100 – $2,500 per vulnerability
  • Up to $7,000 maximum reward
  • Safe harbor
  • Managed by Bugcrowd

Program stats

294 vulnerabilities rewarded

Validation within 3 days
75% of submissions are accepted or rejected within 3 days

$1,170.83 average payout (last 3 months)

Latest hall of famers

Recently joined this program

Disclosure

Please note: This program does not allow disclosure. You may not release information about vulnerabilities found in this program to the public.

NOTE: Sign up for Segment using your @bugcrowdninja.com email addresses, otherwise your accounts might be banned when we notice bad behavior

Segment is one place to collect customer data and send it to your tools for analytics, marketing automation, and raw data access with SQL. Implement all of your event tracking with Segment’s single API instead of wrangling a new API for every new tool or database. Segment's integrations let you send your data to hundreds of tools and databases.

This program adheres to the Bugcrowd Vulnerability Rating Taxonomy for the prioritization/rating of findings.

Area of Focus - $7,000

Segment cares deeply about our customers and their data. Security issues that allow unauthorized access without interaction to another workspace's event data, API keys, passwords, or other data deemed highly sensitive by Segment will be be given a "P0" reward of $7,000.

Scope and rewards

Program rules

This program follows Bugcrowd’s standard disclosure terms.

For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please email support@bugcrowd.com. We will address your issue as soon as possible.

This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.