1. Introduction
At SupplyScope, we prioritise security to ensure our platform remains safe and reliable for our users. To help us achieve this, we are excited to introduce our Bug Bounty Program. This program invites security researchers to identify and report vulnerabilities they discover within our platform. By working together with the community, we aim to strengthen our defences and provide a more secure experience for all users.
2. Scope
In-Scope for Testing:
- Marketing Website: https://supplyscope.io
- SupplyScope Application: https://app.supplyscope.io
Out of Scope:
- Any services or platforms not explicitly listed as in-scope.
- Third-party integrations.
- Denial of Service (DoS) attacks.
3. Rules of Engagement
- Reporting Method: All bugs should be reported via our official email: [email protected]. Please provide a detailed description of the vulnerability, steps to reproduce, and any evidence of the issue.
- Eligible Bugs: We are looking for vulnerabilities such as:
- Authentication or authorisation flaws
- Cross-Site Scripting (XSS)
- Cross-Site Request Forgery (CSRF)
- Server-Side Request Forgery (SSRF)
- SQL Injection
- Remote Code Execution (RCE)
- Exclusions:
- Issues that only reproduce in outdated or unsupported browser versions.
- Vulnerabilities in third-party services or applications.
- Bugs that require physical access to devices.
- Testing Restrictions:
- Please refrain from any activities that could disrupt our services, such as Denial of Service (DoS) attacks.
- Social engineering, phishing attacks, or spamming our users or employees is strictly prohibited.
4. Rewards
To show our appreciation, qualified reports will be rewarded with:
- 1 Month Free SupplyScope Subscription: full access to SupplyScope for one month at no cost.
- Public Recognition: Your name will be honoured in the SupplyScope Hall of Fame, acknowledging your contribution to the platform’s security.
5. How to Report a Bug
To submit a report, email us at [email protected]. Please include:
- A detailed description of the vulnerability.
- Steps to reproduce the issue.
- Any supporting screenshots, videos, or logs that help demonstrate the bug.
- Your contact information so we can reach out for further details if needed.
6. Legal
By participating in this program:
- You agree to act in good faith and avoid any activities that could harm SupplyScope or its users.
- You acknowledge that SupplyScope may change or discontinue this program at any time.
- You agree not to publicly disclose any vulnerability before SupplyScope has had the opportunity to review and address it.
By following these guidelines, you will help us maintain a safe and secure platform for all.
We appreciate your contribution and look forward to working with you to make SupplyScope even better.