Vulnerability Identification and Prevention - Submission

About the program

Bookipi is dedicated to maintaining and safeguarding our user community. If you have identified a potential security vulnerability within our online or related systems, we encourage you to responsibly disclose it to us via our Vulnerability Identification and Prevention program. Please submit a report below.

*This program is dedicated to observed online security vulnerabilities that may affect users on Bookipi. If you are having issues or bugs related to your account or the use of our application, please contact support.

Making a Submission

To make a submission, please provide a detailed account of the vulnerability and the steps necessary to reproduce it, in the form of (but not limited to):

  • A video recording or structured visual flow as proof of concept
  • Description of the vulnerability
  • Steps to reproduce the vulnerability
  • Severity and Impact of the vulnerability
  • Any other relevant information

Please ensure that your actions prioritize the privacy, data confidentiality, and integrity of our users. Our community’s privacy is paramount, and your cooperation in preserving it is highly valued. Note that we cannot collaborate with individuals who violate laws or regulations, maliciously exploit vulnerabilities, or access other users’ data. Please adhere to this policy in good faith to ensure a mutually beneficial outcome.

Upon receiving your submission, we will communicate the timelines for triaging, compensation, and addressing any questions during the investigation. Do note that you will be expected to support or provide recommendations to resolve the vulnerability.

Rewards

The reward amount, or bounty, is calculated from the overall impact and severity of the vulnerability (refer to Range scale), with a maximum score of 5. The Vulnerability Score is the average of the two assessed values:
[ Assessed Impact + Severity ] / 2

Example: 
A vulnerability with an Impact score of 3 and a Severity of 5 will be scored (3+5)/2 = 4.

Program rules

  • Avoid creating multiple accounts to conduct tests on Bookipi’s applications and services.
  • Social engineering tactics such as phishing, vishing, and smishing are strictly prohibited.
  • Make a genuine effort to prevent privacy breaches, data destruction, and any disruption or degradation of service.
  • Strictly interact with accounts that you own or have explicit permission to use.
  • Blocked Accounts: We cannot guarantee the unblocking of any restricted account activity. You can request an investigation and possible unblocking of your account through bugbounty@bookipi.com.
  • Our program does not cover third-party assets or components outside of our control.

Vulnerability Identification – Report