We went public
9/8/2023, 10:00:42 AM (8 months ago)
9/8/2023, 10:00:59 AM

To improve the reach of this vulnerability disclosure program, we just made it public.

Very much looking forward to the new exposure this gives us and our platform.

As usual, let us know if you have feedback on our rulebook, triage flow or program in general.

Happy hunting!

Increased bounties and soon-to-be-added functionality to audit!
11/1/2022, 3:39:26 PM (over 1 year ago)

To reflect the increased maturity of the program, we've made the decision to improve the bounties we award! The new bounties are as follows:

  • Low: from €50 to €100
  • Medium: from €200 to €350
  • High: from €500 to €1000
  • Critical: from €1250 to €2000

Additionally, we will be writing about newly added features here on a regular basis, in an attempt to improve the 'hit rate' by highlighting platform components with a higher likelihood of security problems.

Thank you all for your support so far, and happy hacking!

Program has reached 'registered' confidentiality level!
1/20/2022, 1:16:16 PM (over 2 years ago)

First of all, thanks to the early adopters that have submitted issues in the last months. You've helped us immensely in getting the program up to speed!

We are now reasonably confident in the amount of traffic we can expect, hence we are moving the confidentiality level to 'registered', effective immediately! We hope this will both increase the visibility of the program and allow more researchers to participate.

Again, thanks to everyone who has helped us hit this milestone!

Improved bounties
11/9/2021, 10:53:40 AM (over 2 years ago)

We're very pleased with the initial response to our bug bounty program: quite a few interesting things have been identified already!

Now that we've gotten a bit more data regarding the number of issues and their severity, we want to adjust our bug bounties to match:

  • Medium: from €150 to €200
  • High: from €350 to €500
  • Critical: from €1000 to €1250
  • Exceptional: from €1500 to €3000

We greatly appreciate the help we've gotten from researchers so far! Accordingly, we've topped up any previously awarded bounties to match the new amounts specified above.

Thank you all for your interest and helping improve our platform!

Updated domain list
10/29/2021, 11:20:57 AM (over 2 years ago)
10/29/2021, 11:51:48 AM

We're still here after our first week of bug bounty 🎉. Thanks to all of you participating so far.

One change we just made: we updated the domain list with dedicated "for-hackers." prefixed domains, as we found many (automated) tools spamming our telemetry and bug reporting systems. With this change, it's easier for us to separate those reports. Know that these domains are simple CNAMEs to the real ones, and behavior should otherwise be identical! Please update your tools to use the new domains.

Lastly, for those who did not see this yet: we added our hidden web build of the app in scope at https://for-hackers.crispapp.nl/web-rn/. We hope this helps lower the barrier to start hacking right away! Since our real customers don't use this app, any client-side issues that do not occur in our native builds are capped to low severity.

Happy hacking and a good weekend to all!