Bug Bounty Program

Last updated: July 9, 2024

At Blynk, we take security seriously and are committed to protecting our users and their data. We believe that working with skilled security researchers helps us identify vulnerabilities in our systems and improve our platform's security.

Program Scope

We invite security researchers to test the security of our products and services.

Rewards

We offer rewards for the responsible disclosure of security vulnerabilities found on blynk.cloud or in the Blynk IoT Android and iOS apps (please note that the blynk.io and blynk.cc domains are not included in Blynk's bug bounty program).

The rewards will be based on the severity and impact of the reported issue:

  • Low severity: $50
  • Medium severity: $100
  • High severity: $250
  • Critical severity: $500+

Reporting Guidelines

To qualify for a reward, please adhere to the following guidelines.

Responsible Disclosure:

Provide detailed information about the vulnerability, including steps to reproduce it. Avoid public disclosure of the vulnerability before it is resolved.

Eligibility:

Only the first reporter of a vulnerability will be eligible for a reward. The vulnerability must be previously unknown and not reported by another researcher.

Legal Compliance:

Do not engage in any activity that could harm our users or violate any laws. Testing must be conducted within the program's scope and without causing disruption to our services.

How to Report

To report a vulnerability, please send an email to dmitriy+security@blynk.cc with the following information:

  • A detailed description of the vulnerability
  • Steps to reproduce the issue
  • Potential impact of the vulnerability
  • Any relevant screenshots, videos, or logs

Response and Resolution

We will acknowledge receipt of your report and keep you informed about the status. Our team will investigate the issue and work towards a resolution. Once the issue is resolved, we will coordinate with you to publicly disclose the vulnerability and issue a reward.

Payouts may take up to a few months.

Recognition

Researchers who report valid vulnerabilities may be listed in our Hall of Fame, acknowledging their contribution to improving our platform's security.

We appreciate your help in keeping Blynk secure. Thank you for participating in our Bug Bounty Program!
