- $200 – $4,000 per vulnerability
Statuspage launched in 2013 to give companies a better way to be more transparent with their customers. We recognize managing a status page outside of one’s own infrastructure can be a hassle, and hope to increase the transparency of the web by making it easier to do so.
Before you begin, please read and understand the Standard Disclosure Terms.
Below is a list of some of the vulnerability classes that we are seeking reports for:
- Server-side Remote Code Execution (RCE)
- Server-Side Request Forgery (SSRF)
- Stored/Reflected Cross-site Scripting (XSS)
- Cross-site Request Forgery (CSRF)
- SQL Injection (SQLi)
- XML External Entity Attacks (XXE)
- Access Control Vulnerabilities (Insecure Direct Object Reference issues, etc)
- Path/Directory Traversal Issues
Ensure you review the out of scope and exclusions list for further details.
Please visit https://manage.statuspage.io/security-researcher to identify yourself as a security researcher, this will give you a free account for a month. You'll need to create an account and log in to view this page.
Scope and rewards
This program follows Bugcrowd’s standard disclosure terms.
For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please email firstname.lastname@example.org. We will address your issue as soon as possible.
This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.