correct.email is recognizing security researchers for submitting security bugs through a bug bounty program with HackerOne and Bugcrowd. Whether you’re a security bug guru or a complete newbie, we want to make it as easy as possible to submit any bugs you find!
To this end, we’ve compiled the top 5 security bug report tips from our very own Security Engineers:
1. Build a stronger report by including information on the actual and potential impact of the vulnerability, as well as details of how it could be exploited. 2. Include the methodology you used to find the bug, and the steps to reproduce it. 3. Please submit your results only after you’ve ensured that your bug is verified. 4. Submit the report in your native language if you don’t feel comfortable submitting it in English. 5. Make sure that you gain reputation!