Bright Data's Security Vulnerabilities Reward Program
At Bright Data, safeguarding our network, products, customers, SDK partners, and their users is our top priority. Our Security Vulnerabilities Reward Program invites security researchers and users alike to identify and report any security or privacy concerns in our products. This collaboration is crucial for us to enhance our security measures.
Scope of the Program
The program covers new security and privacy issues in:
- Bright Data's website brightdata.com
- The latest version of the Bright Data partner SDK.
We're particularly focused on vulnerabilities that compromise the confidentiality or integrity of customer or SDK user data. Examples include, but are not limited to, Cross-Site Scripting, CSRF/XSRF, authentication flaws, remote code execution, and unauthorized access to internal web pages via the SDK.
Guidelines for Participation
- Please refrain from any DoS attacks, as they are counterproductive.
- Avoid using tools that generate high volumes of traffic, as this leads to automatic disqualification from our bounty programs.
- Do not attempt to hack real customer accounts. Privacy and security are vital; use your own accounts for testing.
- While we value feedback on minor UI/UX issues, the reward program focuses on more critical security vulnerabilities.
- Only the first report that clearly demonstrates an issue will be eligible for a reward.
Reporting and Rewards
To find out more about the program, including how to report issues, visit our dedicated Security Vulnerabilities Reward Program page. Your contributions are invaluable in helping us maintain the highest standards of security.