MarketingBlocks Bug Bounty Program

MarketingBlocks Bug Bounty Program

At MarketingBlocks, we take the security of our customers' information seriously and are dedicated to ensuring a robust and accessible solution. We actively encourage security researchers to validate our protective measures and confidentially disclose any potential vulnerabilities they discover. In recognition of their efforts, we may provide rewards for significant findings.


If you've identified a vulnerability ranging from high to critical risk within our SaaS offering, we invite you to review the guidelines below. If your discovery meets all the specified criteria, please proceed with submitting the vulnerability to support@marketingblocks.ai  for a thorough evaluation. Your contribution plays a vital role in enhancing our security posture and safeguarding our customers' data.


Ground Rules

To ensure a smooth and successful participation in our bug bounty program, it is imperative to adhere to the following rules without any exceptions:

  • You will make no attempt to gain access to any accounts.

  • You will make no attempt to gain access to non-public data.

  • You will not violate other’s privacy.

  • You will not destroy any data.

  • You will not conduct DoS or DDoS attacks.

  • You will not apply social engineering techniques (phishing, pretexting, etc.).

  • You will not take actions that could negatively impact or disrupt our SaaS offering or operations in any capacity.

  • You will not publicly disclose the finding until MarketingBlocks has confirmed and fixed the vulnerability.

  • You must agree and adhere to the Program rules and terms and conditions set forth on this page.

Eligibility

The MarketingBlocks Bug Bounty Program is specifically designed for our SaaS offering. We have a keen interest in identifying high/critical risk vulnerabilities that have the potential to disrupt our service, compromise IAM controls, or compromise customer or proprietary data (such as source code).


Please note that submissions for vulnerabilities that do not directly relate to our SaaS offering will not be considered for further action or eligible for a reward. Additionally, submissions that are determined to pose an insignificant or non-security-related risk, at the sole discretion of MarketingBlocks, will also not be eligible for a reward.


We operate on a first-come, first-serve basis when it comes to noteworthy vulnerability submissions. 


Only the first researcher to submit a noteworthy vulnerability to MarketingBlocks will be considered for a potential reward. 


Subsequent submissions for the same vulnerability will not be considered.

Multiple vulnerabilities caused by one underlying issue will be awarded one bounty.

You are, and must remain in full compliance with all Program terms & conditions.

All bounty amounts will be determined at MarketingBlocks absolute and sole discretion.


Submission Process

All Participants must submit their findings via email to support@marketingblocks.ai 

The submission should include a detailed description of the vulnerability, steps to reproduce it, and any supporting evidence (screenshots, videos, etc.)


Participants should include their contact information for further communication regarding the

submission.


Remediation & Disclosure

MarketingBlocks will make reasonable efforts to acknowledge the receipt of each valid submission within 48 hours.


MarketingBlocks will review and validate the submitted vulnerabilities.

Once a vulnerability has been validated, MarketingBlocks will work on resolving the issue promptly.


Participants will be notified about the status of their submission and any necessary remediation steps.


MarketingBlocks will disclose the details of the vulnerability only after it has been resolved and sufficient time has passed to allow affected parties to update their systems.


Response Target

MarketingBlocks aims to respond to all submissions within 72 hours of receipt.

The time taken to resolve a vulnerability depends on its complexity and severity. MarketingBlocks will make the best effort to resolve critical vulnerabilities promptly.


Reward

The Bug Bounty Program offers monetary rewards for valid and eligible submissions at the discretion of MaketingBlocks.


The reward amount will depend on the severity and impact of the vulnerability. MarketingBlocks will determine the reward based on its discretion. MarketingBlocks may offer additional rewards for exceptional and high-impact submissions.


Bounties will be paid directly to the researcher using Paypal, Payoneer, etc. based on what’s convenient for both parties.


You will be solely responsible for any tax implications related to bounty payments you receive, as determined by the laws of your jurisdiction of residence or citizenship.

To be eligible for a reward, you must:

  • Be the first person to submit an eligible vulnerability.

  • Not be in violation of any national, state, or local law or regulation.

  • Not be employed by MarketingBlocks or its subsidiaries or affiliates.

  • You are, and must remain in full compliance with all Program terms & conditions.

  • That vulnerability is determined to be a valid security issue by MarketingBlocks security team

Safe Harbor

MarketingBlocks commits to not initiate any legal action against participants who make a good faith effort to comply with the program's rules.


Participants must not exploit any discovered vulnerabilities beyond what is necessary to demonstrate their impact.


Participants must not access, modify, or delete any user data during their testing.

Please note that this Bug Bounty Program is subject to change at MarketingBlocks' discretion. 

Participants are advised to regularly review the program guidelines for any updates.

For further information or clarification, please reach out to support@marketingblocks.ai

© MarketingBlocks 2024. All Rights Reserved