Square

Block, Inc.

In 2021, Square officially changed its name to Block with Square now being one of our product lines. The Square Bug Bounty program is limited to this line of business and includes the target components outlined in the ‘Target information’ section.

Block engages with Bugcrowd to provide proactive security testing across the majority of our other product lines, however, these programs are invitation only and will remain that way for the foreseeable future. Please reach out to support@bugcrowd.com if you have any questions.

You can participate in our other product bug bounty programs as noted below:

Cash App
Square Open Source

Serious about security

Our approach to security is designed to protect buyers and sellers. We monitor every transaction, continuously innovate in fraud prevention, and we protect businesses’ data like our business depends on it—because it does. We adhere to industry-leading standards to manage our network, secure our web and client applications, and set policies across our organization.

---

Ratings and rewards

For the initial prioritization/rating of findings, this program will use the Bugcrowd Vulnerability Rating Taxonomy. However, it is important to note that in some cases a vulnerability priority will be modified due to its likelihood or impact. In any instance where an issue is downgraded, a full, detailed explanation will be provided to the researcher - along with the opportunity to appeal, and make a case for a higher priority.

We are particularly interested in problems with Square’s payment flows. Confirmed vulnerabilities that directly affect our payments flows and comply with these terms will receive a $500 minimum reward.

Access

Please sign up for an account using your @bugcrowdninja.com email address. For more info regarding @bugcrowdninja email addresses, see here.