
Security Program

AuditBase bug bounty program

We welcome responsible disclosure from security researchers who help us protect AuditBase systems and user data. Eligible vulnerabilities affecting surfaces under our control may qualify for rewards based on severity, business impact, and report quality.

Overview

AuditBase reviews security reports for services and infrastructure under our control. Rewards are determined by severity, business impact, and the completeness of the submission. Final payout decisions remain at AuditBase's discretion.

Severity   Reward   Notes
Low        $100     Minor issues with limited direct impact.
Medium     $250     Exploitable issues with meaningful but contained risk.
High       $500     Serious vulnerabilities with clear security impact.
Critical   $1,000   Severe issues that could compromise users, systems, or funds.

In scope

The following vulnerability classes are generally eligible for consideration when they affect AuditBase properties we control:

  • Cross-site scripting (XSS)
  • SQL injection
  • Authentication or authorization bypass
  • Remote code execution
  • Sensitive data exposure
  • Cross-site request forgery (CSRF)
  • Server-side request forgery (SSRF)

Out of scope

Reports in these categories generally do not qualify for payouts under the program:

  • Theoretical issues without a reasonable proof of exploitability
  • Social engineering, phishing, vishing, or physical attacks
  • Denial-of-service and distributed denial-of-service testing
  • Rate-limit issues without demonstrated security impact
  • Third-party services or infrastructure outside AuditBase control
  • Missing best-practice headers without exploitability
  • Self-XSS or issues requiring self-compromise
  • Automated scanner output without validation

How to submit

Send reports to security@auditbase.com and include the following:

  1. A clear description of the vulnerability
  2. Steps to reproduce the issue
  3. Affected domain, endpoint, feature, or subdomain
  4. Your assessment of severity and impact
  5. Supporting screenshots, proof-of-concept code, or video
  6. Contact details for follow-up

Program rules

  • Do not publicly disclose the issue until AuditBase confirms remediation.
  • Avoid any testing that could degrade service, corrupt data, or harm users.
  • Submit one issue per report with clear reproduction steps and impact.
  • Testing must comply with applicable law and must not originate from restricted jurisdictions.

Review and reward process

After submission, we validate the issue, assess severity, and determine whether it is eligible for a payout. Valid reports are prioritized for remediation and rewards are paid after the issue is resolved.

Step 1: Submit your report

Email security@auditbase.com with a complete report and enough detail for validation.

Step 2: Validation and triage

We reproduce the issue, assess impact, and determine whether it qualifies under the program.

Step 3: Severity and reward decision

Eligible reports are assigned a severity band and reviewed for payout based on impact and quality.

Step 4: Remediation and payout

Once the issue is resolved, eligible rewards are paid through a secure payment method.

Important disclaimer

Submission of a report does not guarantee a reward. AuditBase determines eligibility, severity, and payout at its sole discretion. Reports that fall outside the program scope, duplicate previously reported issues, or do not provide enough information for validation may not qualify.

If you have questions before reporting, contact security@auditbase.com.