Bug Bounty Program

Unique is running a managed bug bounty program involving external researchers to find vulnerabilities in our services. We are continuously updating the scope of the bug bounty program to include any new services.

https://gobugfree.com/programs

Unique chose the bug bounty approach over yearly pen-tests to have a better and more timely coverage of the continuously changing services and landscape. Another advantage is the wide variety of skills and specializations the many different bounty testers bring.

Unique is nonetheless also doing independent pen-tests on parts of its solution if necessary.

Monthly program statistics

In this overview you can see the monthly program statistics for the last year. This overview is update monthly.

extension

Month

Rejected

Accepted Low

Accepted Medium

Accepted High

Month

Rejected

Accepted Low

Accepted Medium

Accepted High

12/2023

3

0

0

0

01/2024

7

0

0

0

02/2024

3

0

0

0

03/2024

1

1

0

0

04/2024

3

5

3

0

05/2024

5

2

0

0

06/2024

15

12

6

1

07/2024

8

0

0

0

08/2024

9

3

1

1

09/2024

1

1

0

0

10/2024

1

1

0

0

11/2024

3

0

0

0

More details about the reports can be provided upon request under NDA.

Resolving findings

Unique is generally resolving accepted findings based on their severity in the timeframes below.

Critical/High

1 month

Medium

3 months

Low

6 months

The severity level is calculated using CVSS 3.1 https://nvd.nist.gov/vuln-metrics/cvss.

Requesting details about findings

You can request a detailed report of the findings on a quarterly basis through your dedicated customer success manager.

 


Author

@Michael Dreher

© 2024 Unique AG. All rights reserved. Privacy PolicyTerms of Service