Unique is running a managed bug bounty program involving external researchers to find vulnerabilities in our services. We are continuously updating the scope of the bug bounty program to include any new services.
https://gobugfree.com/programsUnique chose the bug bounty approach over yearly pen-tests to have a better and more timely coverage of the continuously changing services and landscape. Unique is nonetheless also doing independent pen-tests on parts of its solution if necessary.
Monthly program statistics
In this overview you can see the monthly program statistics for the last year. This overview is update monthly.
Month | Accepted Low | Accepted Medium | Accepted High | Rejected |
---|---|---|---|---|
10/2023 | 1 | 1 | 1 | 2 |
11/2023 | 0 | 0 | 0 | 0 |
12/2023 | 0 | 0 | 0 | 3 |
01/2024 | 0 | 0 | 0 | 7 |
02/2024 | 0 | 0 | 0 | 3 |
03/2024 | 1 | 0 | 0 | 1 |
04/2024 | 5 | 3 | 0 | 3 |
05/2024 | 2 | 0 | 0 | 5 |
06/2024 | 12 | 6 | 1 | 15 |
07/2024 | 0 | 0 | 0 | 8 |
08/2024 | 3 | 1 | 1 | 9 |
More details about the reports can be provided upon request under NDA.
Resolving findings
Unique is generally resolving accepted findings based on their severity in the timeframes below.
Critical/High | 1 month |
Medium | 3 months |
Low | 6 months |
The severity level is calculated using CVSS 3.1 https://nvd.nist.gov/vuln-metrics/cvss.
Author |
---|