Open Bug Bounty selected among the
Top 5 Bug Bounty programs to watch
in 2021 by The Hacker News

For security researchers
Report a Vulnerability
Submit, help fixing, get kudos.
For website owners
Start a Bug Bounty
Run your bounty program for free.
956,659 coordinated disclosures
601,531 fixed vulnerabilities
1,318 bug bounty programs, 2,629 websites
22,660 researchers, 1,302 honor badges

Riskified Bug Bounty Program

Riskified runs a bug bounty program to ensure the highest security and privacy of its websites. Everyone is eligible to participate in the program subject to the below-mentioned conditions and requirements of Riskified

Open Bug Bounty performs triage and verification of the submissions. However, we never intervene to the further process of vulnerability remediation and disclosure between Riskified and researchers.

Bug bounty program allow private submissions only.

Bug Bounty Scope

The following websites are within the scope of the program:

*.riskified.com

Non-Intrusive Submissions Handling

The following section encompasses submission of the vulnerabilities that do not require intrusive testing as per Open Bug Bounty rules:

- Cross Site Scripting (XSS)
- Open Redirect

- Cross Site Request Forgery (CSRF)
- Improper Access Control

General Requirements:

- In Scope:
-- www.riskified.com/* (website, internal pages, and associated services)
-- Cross Site Scripting (XSS)
-- Open Redirect
-- Cross Site Request Forgery (CSRF)
-- Improper Access Control
-- Injection (any kind)
-- Clickjacking

- Out of Scope:
-- DMARC
-- SPF

Testing Requirements:

Requirements that the researcher disclose methodology when reporting

Possible Awards:

Awards depend on severity as determined by our risk matrix

Community Rating

Provided by security researchers who reported security vulnerabilities via this bug bounty program:

 
Response Time  Information How quickly researchers get responses to their submissions.
Remediation Time  Information How quickly reported submissions are fixed.
Cooperation and Respect  Information How fairly and respectfully researchers are being treated.

Researcher's comments

No comments so far.

  Latest Patched

 07.05.2021 baliza.go.gov.br
 07.05.2021 pequizeiro.to.gov.br
 07.05.2021 castanheiras.ro.gov.br
 07.05.2021 huji.ac.il
 07.05.2021 www6.caixa.gov.br
 07.05.2021 nasatheme.com
 07.05.2021 itaipulandia.pr.gov.br
 07.05.2021 detran.rr.gov.br

  Latest Blog Posts

25.04.2021 by ParanjpeSanmarg
Testing Subdomain Takeover Vulnerability
11.04.2021 by Open Bug Bounty
Better Notifications Mechanism
28.03.2021 by febin_rev
Windows Stack Buffer Overflow in a real life app — Exploit development — CloudMe_1.11.2 Buffer Overflow-CVE-2018–6892
10.02.2021 by Renzi25031469
Sysadminotaur nº88
10.02.2021 by Open Bug Bounty
Higher Submissions Quality Standard

  Recent Recommendations

@obb20210429     6 May, 2021
    Twitter obb20210429:
Thanks for a quick and useful report that helped us find and resolve the issue.
@MrGviana     6 May, 2021
    Twitter MrGviana:
Ricardo, thank you for reporting vulnerabilities and helping me to solve them.
@aguiar_security     6 May, 2021
    Twitter aguiar_security:
Hey Ricardo, thanks for helping us :)
@aguiar_security     6 May, 2021
    Twitter aguiar_security:
Hey Ricardo, thanks for helping us :)
@_Kkommi     6 May, 2021
    Twitter _Kkommi:
Thank you for letting us know about the issue and helping to make the web a safer place