At Rosebud, we are committed to providing a secure and reliable platform for our users to engage in personal growth through AI-powered daily journaling. As part of our ongoing efforts to ensure the highest standards of security and performance, we are excited to introduce the Rosebud Bug Bounty Program.
Participation in our Bug Bounty Program not only contributes to the safety of our user community but also provides an opportunity for you to earn rewards for your valuable insights. Please read on for further details on the program's scope, guidelines, and reward structure.
Severity Levels and Bounty Rewards
Low-Severity: $50 Reward
Definition: Low-severity bugs are those that have limited impact and do not pose significant security risks. These might be issues like user interface glitches, typos, or minor functionality problems that don't compromise user data or system integrity.
Examples:
- UI/UX issues such as alignment problems or broken links.
- Minor performance issues affecting only a small group of users.
- Inconsistencies in the application that do not affect core functionality.
Medium-Severity: $200 Reward
Definition: Medium-severity bugs are those that could potentially impact user experience or data but are not immediately exploitable. These may include issues like moderate performance degradation, problems with third-party integrations, or vulnerabilities that require special conditions to exploit.
Examples:
- Data leaks that expose non-sensitive user information.
- Bugs leading to the malfunction of some features, affecting the broader user experience.
- Insecure configurations that could potentially be exploited but require high levels of user interaction.
High-Severity: $500 Reward
Definition: High-severity bugs are critical issues that pose immediate risks to users or the system. These are vulnerabilities that could lead to the compromise of user data, unauthorized access to sensitive areas of the application, or other high-impact problems that need immediate attention.
Examples:
- SQL injection, Cross-Site Scripting (XSS), or other code injection vulnerabilities.
- Authentication bypass mechanisms.
- Data leaks exposing sensitive user information like passwords or personal details.
- Critical performance issues rendering the system unusable for a large portion of users.
How to Submit for Bounties
If you've discovered a vulnerability that you believe is eligible for a bounty, we ask that you submit your findings directly to us via email. Follow these steps to ensure a smooth submission process:
- Email Address: Send your detailed findings to support@rosebud.app
- Subject Line: Use a descriptive subject line such as "Rosebud Bug Bounty Program: [Short Description of the Issue]".
- Report Details: In the email body, provide a comprehensive report that includes:
  - Summary of the issue.
  - Steps to reproduce the vulnerability.
  - Any supporting screenshots, code snippets, or screen recordings.
  - Your assessment of the severity level (Low, Medium, High).
- Contact Information: Include your full name and preferred method of contact for the reward payment, whether it's via PayPal, wire transfer, or another method.
- Optional: If you have proposed solutions or mitigation measures, feel free to include those as well.
After submitting your report, you can expect an acknowledgment of receipt within 5-10 business days. Our team will then evaluate the submission and determine its eligibility for a bounty. We will keep you updated on the progress and inform you of the reward amount if the bug is confirmed and resolved.
Thank you for participating in the Rosebud Bug Bounty Program. Your contributions help us enhance the security and reliability of our platform, ensuring a safer experience for all our users.