Security Vulnerability Reporting

Responsible Disclosure

Security issues within our product offerings take a very high priority. We want to work with you to understand the scope of the vulnerability and ensure that we correct the problem fully.

In pursuit of the best possible security for our service, we welcome responsible disclosure of any vulnerability you find in Bugify. Principles of responsible disclosure include, but are not limited to:

In order to be eligible for a bounty, your submission must be accepted as valid by Bugify. We use the following guidelines to determine the validity of requests and the reward compensation offered:




Contact us via the email address with a detailed report of the potential vulnerability. This email should include as much of the following as possible:

Once submitted, we will acknowledge that we have received your report with a non-automated reply within 7 days and provide an outline response plan where applicable.

We will then review the information and work to validate the reported vulnerability. In the event that a true vulnerability is discovered we will complete the investigation and notify the reporter. Where appropriate the reporter will receive results of the vulnerability findings, a plan for resolution and plans for public disclosure.


We would like to acknowledge the following people who have responsibly disclosed security vulnerabilities in the past. Thank you for your help in keeping our customers safe.

Note: While we sincerely appreciate reports for vulnerabilities of all severity levels, this listing is reserved for people who have reported previously unknown vulnerabilities, which we have determined to be of a high or critical severity, or in cases where there has been continued research or other contributions made by the person.