We decided that it’s time to use the power of community to make our products even more secure and reliable. We are launching a bug bounty program on HackerOne which will very soon provide every ethical hacker an opportunity to officially work with our team on testing ONLYOFFICE.
HackerOne is a perfect place for software vendors and good-faith hackers to meet on mutually beneficial terms and exchange hacking jobs for monetary bounties. With thousands of hackers worldwide helping software companies and their users live in a safer digital environment, HackerOne has become the most trusted hub for ethical hacking.
Despite our constant internal research activities and fixing of known vulnerabilities, we decided that partnering with HackerOne will help us bring a vast amount of external talent to making ONLYOFFICE safer.
In the ONLYOFFICE program, experts can test our solutions within the defined scope under the terms of the Vulnerability Disclosure Policy and provide us with reports on their findings to get a generous reward, the size of which depends on the value these findings bring.
Possible vulnerabilities fall into five categories: informational, low, medium, high and critical. The bounties vary from $50 to $750 at the current stage of the program.
All payments will be securely processed within the HackerOne platform, and the findings will be officially published once they are fixed, followed by public credit on our resources.
At the early stage, we are entering a private program which will only allow select hackers to participate. Testing admissions will be limited to let us carefully handle the incoming reports.
The program will start with 20 private invitations and scale gradually according to the program goals and progress in handling vulnerability reports.
Once we are ready to open the program to the public, we will make an announcement and describe the participation guidelines.
If you want to stay up to date on the public program launch and be one of the first external hackers to test ONLYOFFICE, we invite you to contact us and get on the waiting list. Once the program is launched in public mode, we will contact you with more details about participation.
Click the button below to send us an email. Please mention “ONLYOFFICE HackerOne bounty” in the title so we don’t miss your inquiry.