Bug Bounty Program
Unique runs a managed bug bounty program in which external researchers look for vulnerabilities in our services. We continuously update the scope of the bug bounty program to include any new services.
Unique chose the bug bounty approach over yearly pen-tests to get better and more timely coverage of its continuously changing services and landscape. Another advantage is the wide variety of skills and specializations that the many different bounty testers bring.
Nonetheless, Unique also conducts independent pen-tests on parts of its solution if necessary.
Monthly program statistics
This overview shows the monthly program statistics for the last year. It is updated monthly.
Month | Accepted Low | Accepted Medium | Accepted High | Rejected |
---|---|---|---|---|
11/2023 | 0 | 0 | 0 | 0 |
12/2023 | 0 | 0 | 0 | 3 |
01/2024 | 0 | 0 | 0 | 7 |
02/2024 | 0 | 0 | 0 | 3 |
03/2024 | 1 | 0 | 0 | 1 |
04/2024 | 5 | 3 | 0 | 3 |
05/2024 | 2 | 0 | 0 | 5 |
06/2024 | 12 | 6 | 1 | 15 |
07/2024 | 0 | 0 | 0 | 8 |
08/2024 | 3 | 1 | 1 | 9 |
09/2024 | 1 | 0 | 0 | 1 |
10/2024 | 1 | 0 | 0 | 1 |
More details about the reports can be provided upon request under NDA.
Resolving findings
Unique generally resolves accepted findings, based on their severity, within the timeframes below.
Severity | Resolution timeframe |
---|---|
Critical/High | 1 month |
Medium | 3 months |
Low | 6 months |
The severity level is calculated using CVSS 3.1 (https://nvd.nist.gov/vuln-metrics/cvss).
Requesting details about findings
You can request a detailed report of the findings on a quarterly basis through your dedicated customer success manager.
Author | @Michael Dreher |
---|