2018-03-22
2020-04-23

Square

Serious about security

Our approach to security is designed to protect buyers and sellers. We monitor every transaction, continuously innovate in fraud prevention, and we protect businesses’ data like our business depends on it—because it does. We adhere to industry-leading standards to manage our network, secure our web and client applications, and set policies across our organization.

This program adheres to the Bugcrowd Vulnerability Rating Taxonomy for the prioritization/rating of findings.

Rewards:

We are particularly interested in problems with Square’s payment flows. Confirmed vulnerabilities that directly affect our payments flows and comply with these terms will receive a $500 minimum reward.

A Note on Similar Submissions:
We ask that researchers who are able to identify the same or similar types of issues in multiple locations across one of our applications combine those findings into a single submission that includes a description as well as the various locations where vulnerabilities have been identified. This greatly assists us in our triage process and allows us to process your submissions faster. The combined submissions will be evaluated holistically and will receive rewards corresponding to the collective findings. For example, if an application is discovered to have broken access control on a number of API endpoints, please submit a single submission that includes a list of those API endpoints. If separate submissions are made, they may be inadvertently closed as duplicates.

Scope and rewards

Program rules

This program follows Bugcrowd’s standard disclosure terms.

For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please email support@bugcrowd.com. We will address your issue as soon as possible.

This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.

In Scope

Scope Type | Scope Name
android_application | Square Point of Sale Mobile Application for Android
ios_application | Square Point of Sale Mobile Application for iOS
web_application | *.square.com
web_application | *.squareup.com

Out of Scope

Scope Type | Scope Name
android_application | Cash App Mobile Application for Android
ios_application | Cash App Mobile Application for iOS
(not specified) | Any vulnerabilities found in third-party software
web_application | *.cash.me


The public program Square on the Bugcrowd platform was updated on 2020-04-23. The lowest reward is $0.
