Security Research

Bug Bounty Program

Get rewarded for helping us improve the security and privacy of the mesibo platform. We maintain a bug bounty program for security researchers who report qualifying vulnerabilities.

mesibo strongly believes in information security. If you believe you have found a security or privacy vulnerability in the mesibo platform, let us know quickly. We will investigate all qualifying reports, and if your report uniquely identifies a security or privacy issue within the scope of our bounty program, you may receive a bounty award. Even if the issue is not covered under an existing bounty program, we will publicly acknowledge your contribution.

Before You Submit — Read This First

Value Your Time: Read the Qualifying and Non-Qualifying sections below before spending your time. We are only interested in qualifying reports related to mesibo real-time APIs. Non-qualifying reports will be discarded without acknowledgment.

No Follow-up: We read all reports. If you do not get a reply, the report is either in the review pipeline or was not qualified. Any follow-up will disqualify even unread reports.

Qualifying Reports

Any mesibo API issue that compromises the confidentiality or integrity of user data is likely in scope. Your report submission MUST include all of the following — none are optional:

1. Detailed description of the vulnerability
2. Affected mesibo products and services
3. Exact steps to reproduce the issue
4. A small program demonstrating the issue using the latest real-time API, with no third-party libraries
5. You MUST only use your own app token and API key while demonstrating the issue
6. mesibo account details and proof of using the mesibo first app
7. Your phone number with country code and verifiable links to LinkedIn, Twitter and Facebook profiles matching your email

You must also give us a reasonable time to investigate and resolve an issue before publicly disclosing or sharing with others.

Non-qualifying Reports — Out of Scope

This reward program is focused on mesibo API security and privacy issues. The following are out of scope:

  • Any non-API issues not related to mesibo real-time APIs
  • Out-of-date API issues (always verify using the latest mesibo real-time API)
  • Issues impacting only your own account (XSS, CORS, clickjacking, login sessions, browser cache, password policy)
  • Privacy issues when the secure connection is turned off by the user
  • Any public domain issues not directly related to mesibo
  • UI-related issues
  • mesibo website content-related issues
  • Console and MySQL issues
  • Issues in open-source products, including apps, samples, and UI modules
  • Denial-of-service issues
  • Spam or social engineering issues
  • Issues related to third-party apps using mesibo services insecurely
  • Duplicate reports

Legal

By submitting your report to this program, you understand that:

  • We can cancel this program at any time
  • mesibo determines in its sole discretion whether a report qualifies and if a reward can be paid
  • The reward amount will be deposited to your mesibo account as mesibo credits
  • Your testing must not violate any law, or disrupt or compromise any data that is not your own