No technology is perfect, and PushPushGo believes that working with skilled security researchers across the globe is crucial in identifying weaknesses in any technology. If you believe you've found a security issue in our product or service, we encourage you to notify us. We welcome working with you to resolve the issue promptly.
Program Status: SUSPENDED
- Let us know as soon as possible upon discovery of a potential security issue, and we'll make every effort to quickly resolve the issue.
- Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third-party.
- Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Interact only with accounts of your own or with explicit permission of the account holder.
Before you start
Please send e-mail to firstname.lastname@example.org and say "hello". We can share with you current issues list with rewards. Then you should omit in you report theese issues.
Researchers can sign up for a trial with mail suffix +bugbounty ex. email@example.com
PushPushGo will make a best effort to meet the following SLAs for hackers participating in our program:
- Time to first response (from report submission) - 3 business days
- Time to triage (from first response) - 3 business days
- Time for resolution - depending on severity and complexity
While researching, we'd like to ask you to refrain from:
- (Distributed) Denial of service
- Weak password policy
- Cookie flags
- Social engineering (including phishing) of PushPushGo staff or contractors
- Any physical attempts against PushPushGo property or data centers
- Brute-force, / Rate-limiting, / Velocity throttling, and other denial of service based issues.
- XSS (or a behavior) where you can only attack yourself (e.g. "Self XSS").
- XSS on pages where admins are intentionally given full HTML editing capabilities, such as custom theme editing
Any activities conducted in a manner consistent with this policy will be considered authorized conduct and we will not initiate legal action against you. If legal action is initiated by a third party against you in connection with activities conducted under this policy, we will take steps to make it known that your actions were conducted in compliance with this policy.
Thank you for helping keep PushPushGo and our users safe!
How to report issue?
Please send issue with description and steps to reproduce to firstname.lastname@example.org
How to receive reward?
Please prepare recipt / invoice on our company data and amount that we agreed on.
PushPushGo sp. z o.o.
Ostatnia 1C / B2
All of above data should be visible on invoice / recipt.