Need to get in touch with us? Click the button below to access our online calendar.
Gluu fully supports and values the security research community. As such, we encourage researchers to responsibly disclose security vulnerabilities after reviewing our responsible disclosure policy and bug bounty guidelines found on this page.
Responsible disclosure of security vulnerabilities helps ensure security and privacy for our community. Responsible disclosure includes:
To show our appreciation and respect to the security researchers who volunteer their time to improving our products, we offer a monetary bounty for certain security bugs.
In addition to adhering to our Responsible Disclosure Policy above, to qualify for a bounty reward you must be the first individual to responsibly disclose the bug, and report a security vulnerability that could compromise the integrity of Gluu products or user data, circumvent privacy protections, or enable unauthorized access to systems protected by Gluu. Our bug bounty also covers SDKs, libraries and plugins developed and supported by Gluu, but excludes third party developed libraries, plugins, applications etc.
Typically, the following types of bugs are not eligible for a bounty:
The minimum bounty for a qualifying security vulnerability is $100 USD. There is no maximum bounty; the value of the bounty is based on a combination of the severity of the bug and creativity of the exploit.
Receive payment by: check (if U.S. citizen); PayPal, Payoneer, Venmo.
Only 1 bounty per bug will be awarded.
Security researchers who don’t want to collect a bounty may have their reward donated to an approved charity upon request.
You must reside in a country not under any current U.S. Sanctions to qualify for a reward.
If you believe you’ve discovered a security vulnerability in any of Gluu’s products, you may responsibly disclose your find by sending an email to email@example.com.
Please include a detailed description of steps taken to reproduce the bug or proof of concept, name and/or link for (optional) attribution on this page.