Bold is committed to protecting the privacy and security of our customers. Despite our efforts to keep our platform secure, we realize we may have missed something. Accordingly, we encourage individual security researchers to analyze our solutions to make them safer for our merchants. Bold’s Bug Bounty Program is our way to reward security researchers for finding serious security vulnerabilities in the In-Scope properties listed below.
If you think you have found a security vulnerability in our solutions, please contact us! We’ll investigate the issue and try to resolve it quickly. Before you report an issue, review this page.
Our team strives to:
To protect both Bold and security researchers, we ask you to comply with the following policies:
Bold reserves the right to cancel this program at any time and the decision to pay a bounty is entirely at our discretion. Your testing and submission must not violate any law, or disrupt or compromise any data that is not your own. There may be additional restrictions on your ability to submit content or receive a bounty depending on your local laws.
Bold considers activities conducted consistent with this program to constitute “authorized” conduct under the Computer Fraud and Abuse Act. If legal action is initiated by a third party against you and you have fully complied with this program, Bold will take steps to make it known, either to the public or to the court, that your actions were conducted in compliance with the Bold policy.
Upon Bold’s request, you will execute, acknowledge and deliver such further instruments, and will otherwise cooperate and do all other acts as may be necessary or appropriate in order to perfect or carry out the purpose and intent of these terms.
Participating in Bold’s Bug Bounty Program requires that you follow our guidelines. Adhere to the following guidelines to be eligible for rewards as part of this program:
The following services and domains are considered in scope: all of Bold’s solution admin consoles and all of Bold’s APIs.
Generally speaking, any bug that poses a significant vulnerability to our merchants could be eligible for reward. It’s entirely at Bold’s discretion to decide whether a bug is significant enough to be eligible for reward. Security issues that typically would be eligible include:
Things that aren’t eligible for reward include:
To report an issue: Send an email to [email protected].
Include information about the vulnerability and detailed steps on how to replicate it. The report must pertain to an item explicitly listed under our in-scope vulnerabilities section.
The report should also contain as much detailed information as you can include—ideally, a description of your findings, the steps needed to reproduce the issue, when you discovered the vulnerability and the vulnerable component.
If you have any questions about our Bug Bounty Program, contact [email protected].