Bug Bounty Program

Help us improve RentWise's security and get rewarded for your findings. We value the security research community's efforts to help protect our users.

Program Overview

Find security vulnerabilities in our systems and get rewarded for responsible disclosure.

At RentWise, we take the security of our users and platform very seriously. Our Bug Bounty Program is designed to encourage security researchers to report security vulnerabilities responsibly.

Low Risk

Minor security issues with limited impact on user data or system functionality.

Reward Range:

$50 - $200

Examples:

  • Information disclosure
  • Minor authentication bypass
  • Low-impact XSS

Medium Risk

Moderate security vulnerabilities that could potentially compromise user data.

Reward Range:

$200 - $1,000

Examples:

  • SQL injection
  • CSRF attacks
  • Privilege escalation

High Risk

Serious security flaws that could lead to significant data breaches or system compromise.

Reward Range:

$1,000 - $5,000

Examples:

  • Remote code execution
  • Authentication bypass
  • Data breach scenarios

Critical Risk

Severe vulnerabilities that pose immediate threats to user safety and platform integrity.

Reward Range:

$5,000 - $20,000

Examples:

  • Complete system compromise
  • Mass data exposure
  • Account takeover at scale

Bounty Rewards

We offer rewards based on the severity and impact of the vulnerability you discover.

Our bounty rewards are determined by the severity of the vulnerability and the potential impact it could have on our users and systems. The final reward amount is at the discretion of our security team after thorough evaluation.

Additional Rewards

Exceptional reports with detailed information, proof-of-concept code, and suggested fixes may receive bonuses beyond the standard reward amounts. We also recognize top contributors in our Security Hall of Fame.

Submission Process

How to report vulnerabilities and what information to include

1. Discover a vulnerability

Find a security issue in one of our in-scope systems or applications.

2. Report via our secure channel

Submit your findings through our vulnerability report form or email security@rentwise.com with encrypted details.

3. Evaluation and confirmation

Our security team will review your report, confirm the vulnerability, and determine its severity.

4. Remediation and reward

We'll fix the issue and award you based on the severity and impact of the finding.

Required Information

  • Clear description of the vulnerability
  • Step-by-step reproduction instructions
  • Screenshots or videos demonstrating the issue
  • Affected URLs or components
  • Possible impact and suggestions for mitigation

Frequently Asked Questions

We aim to acknowledge receipt of your report within 24 hours and provide an initial assessment within 3-5 business days. Complex issues may take longer to fully investigate.
Yes, we support responsible disclosure. We ask that you wait until we've fixed the issue and notified you that it's resolved. We typically request a 90-day disclosure timeline from the date of your report.
Reward amounts are based on the severity of the vulnerability, potential impact, quality of the report, and difficulty of exploitation. Our security team makes the final determination after careful evaluation.
Yes, we provide safe harbor for security researchers who discover and report vulnerabilities according to our responsible disclosure policy. This means we won't pursue legal action for security research conducted in good faith and in compliance with our guidelines.
Yes, we accept anonymous reports. However, if you want to receive a bounty reward, we'll need some form of contact information to process the payment. We respect your privacy and handle all information confidentially.

Contact Us

Have questions about our bug bounty program? Contact our security team:

security@rentwise.com

Security Hall of Fame

We celebrate security researchers who have helped protect RentWise and our users.

  • 1. Jane Smith: 3 critical vulnerabilities (🏆 Top Contributor)
  • 2. John Doe: 2 high severity issues (🔍 Security Expert)
  • 3. Alex Johnson: Multiple security improvements (⚡ Rising Star)
  • 4. Sarah Williams: API security specialist (🛡️ Specialist)