Unveiling the future of our bug bounty program
We are excited to announce some significant updates to our bug bounty program that are just around the corner. These changes include transitioning our bug bounty program to a new platform and expanding our scope with new targets.
Here’s a detailed look at what’s coming.
Transition to BugCrowd
We are transitioning our public bug bounty program from HackerOne to BugCrowd. The official launch date for our new program on BugCrowd is set for November 6.
From this date onwards, researchers can start submitting their findings through BugCrowd.
Important dates
- November 6th: Launch of our new public bug bounty program on BugCrowd. Researchers can begin submitting their findings through BugCrowd from this date forward.
- November 10th: Last day to submit new reports on our HackerOne program. Researchers are encouraged to finalize and submit any new findings before this date.
- November 19th: Closure of our HackerOne public bug bounty program. All pending reports will be triaged and rewarded by this date, but may not be resolved by then.
To smooth the transition for our researchers, there will be a few days where both our HackerOne and BugCrowd public bug bounty programs will run concurrently. This dual-operation period will ensure a seamless transition and provide researchers time to adjust to the new platform.
How to participate
Joining our bug bounty program on BugCrowd is simple. After November 6, you can find our program details by logging into your BugCrowd account and searching for Mattermost.
If you’re new to BugCrowd, you can sign up at https://identity.bugcrowd.com/login and navigate to our program from there.
Expanding our scope with new targets
We’re also excited to announce the expansion of our scope with the inclusion of 4 new targets. These targets are:
- Mattermost Boards plugin
- Mattermost Copilot plugin
- Mattermost Microsoft Calendar Plugin
- Mattermost Plugin for Microsoft Teams Meetings
Broadening the scope will provide more opportunities for researchers to uncover vulnerabilities and help us strengthen the security of these crucial plugins.
Thank you for your continuous support and contributions to making our platform safer.
Happy hunting!