Submit Your Research

If you believe you’ve discovered a security or privacy vulnerability that affects the Brilliant Directories platform or services, please report it directly to us. We review all eligible submissions for Security Bounty rewards.

$25 – $5,000 reward per bounty

Send Your Security Report

Submit your research report by emailing bounty@brilliantdirectories.com. Reports should include a thorough technical description of the behavior you observed, the steps required to reproduce the issue, and a proof-of-concept or exploit. A short video demonstrating the issue is welcome.

Communicate With Us

Our team reviews and investigates every submission. You can interact directly with us, and ask or respond to questions about your findings.

Collect Your Reward

If your report results in a system or software update, you’ll see information about when and how we’ll acknowledge your work. We’ll also let you know if you are eligible to receive a reward through the Brilliant Directories Security Bounty program.


Security Report Guidelines

A high-quality research report is critical to helping us confirm and address an issue more quickly, and could help you receive a Brilliant Directories Security Bounty reward.

A complete report includes:

  • A detailed description of the issue(s) and the behavior you observed, as well as the behavior that you expected
  • A numbered list of steps required to reproduce the issue
  • A reliable exploit for the issue you are reporting
  • Details of any related issues or variants
  • A short video demonstrating the issue is welcome.

We strongly recommend including a working exploit, rather than a basic proof of concept. We accept reports without this information, but reports with more details typically receive higher bounty rewards. If your report doesn’t include the necessary information to allow us to reproduce the issue, we may not be able to accept your report or evaluate it for a bounty.

Issues that require execution of multiple exploits — as well as “one-click” and “zero-click” issues — require a full chain for maximum payout. Such issues should be submitted as a single report that includes:

  • Both compiled and source versions
  • Everything needed to execute the chain
  • A sample nondestructive payload, if needed

If you provide an exploit chain, please add it to a password-protected archive as an attachment.


Eligibility

Brilliant Directories Security Bounty eligibility rules are designed to make sure we can verify your research and protect customers until an update is available.

For an issue to be eligible for a Brilliant Directories Security Bounty, the issue you report must occur on the latest publicly available version of the Brilliant Directories platform with a standard configuration.

In addition, you must meet the following requirements:

  • You must be the first party to report the issue directly to Brilliant Directories by emailing bounty@brilliantdirectories.com.
  • Your report must be clear and detailed and must include a reliable way to reproduce the issue, such as a working exploit.
  • You must not disclose the issue publicly before Brilliant Directories releases a fix for the reported bug.

Some issues may be eligible for an additional bonus. For example, issues that are unique to newly added features or code may qualify for a bonus, if they’re reported within 90 days of the feature release.


Scope of Eligible Vulnerabilities

We are interested in security and privacy vulnerability reports pertaining to the Brilliant Directories platform software product offered through the brilliantdirectories.com website, rather than that website itself. If you are interested, you can sign up for a trial of the software here.

Please note that the Brilliant Directories platform grants website administrators broad access to their websites’ code through the “Widgets” system, as well as broad access to the content of their websites via direct database access. While this level of access allows website administrators numerous ways to inadvertently harm their own websites, we are not focused on identifying such self-inflicted vulnerabilities for security bounties.

However, we do offer Brilliant Directories Security Bounties for discoveries including but not limited to:

  • An administrator of one website affecting another website, or the Admin Area of another website.
  • A standard visitor/user/member of a website exploiting a vulnerability on that website.

Avoid Harm

Some security research may occur on production services that Brilliant Directories customers use and depend on. Do your best to avoid research that violates customer privacy, destroys data, or interrupts service.

If you discover customer data while researching, or are unclear if it is safe to proceed, please stop immediately and contact us at bounty@brilliantdirectories.com so we can take immediate action to resolve the issue and protect our customers.

Frequently Asked Questions

How do I submit a security research report?

If you believe you have discovered a security or privacy vulnerability in Brilliant Directories’ software or services, please report it to us.

Email your research report to bounty@brilliantdirectories.com. Anyone can submit a report, including developers, users, and security researchers. If a report you submit is valid and eligible, you may be publicly recognized in our release notes, and if your report meets additional criteria, you may also receive a reward through the Brilliant Directories Security Bounty program.

We make it a priority to resolve security and privacy issues as quickly as possible. Please note that for the protection of our customers, Brilliant Directories does not disclose or confirm security issues until our investigation is complete and any necessary updates are generally available.

Please note that you will not be able to track the progress of your report online. Our team will maintain communication with you throughout our review process.

What happens after I submit a report?

Brilliant Directories developers review all reports that are submitted directly to us.

If we need additional information, we’ll notify you via email. If you have questions, or want to provide more information to help us reproduce or investigate an issue, you can reply to your initial report email at any time.

After a valid report is addressed, it will be reviewed for a Brilliant Directories Security Bounty reward payment. If your report qualifies for a reward, you’ll be notified by the Brilliant Directories team about your reward, including bounty status, amount, and any next steps.

How are Brilliant Directories Security Bounty rewards determined?

We review each report to determine whether the issue reported is a valid security or privacy issue, and if so, whether it qualifies for a reward. All security issues with significant impact to users will be considered for the Brilliant Directories Security Bounty.

Brilliant Directories Security Bounty reward payments are based on:

  • The type of vulnerability, which can include the user interaction required, number of affected users, level of access, and other factors.
  • The quality of your research report, which helps our team understand, reproduce, and address the issue more quickly.

Maximum bounty amounts require high-quality reports and are meant to reflect significant scope and effort. Vulnerabilities that have a greater impact on users tend to receive larger bounty reward payments — for example, issues that affect most or all of the Brilliant Directories platform or services, or circumvent advanced security protections.

Other factors may include the number of users affected; the user interaction that’s required or whether the user is notified; the level of access or execution achieved; and the persistence of the issue. For example, a “zero-click” exploit — where an attacker would be able to gain access to a user’s data without any interaction from the user — would be eligible for a significantly larger bounty than an issue that requires physical access to a user’s device.

To increase your potential reward, make sure your report is detailed and thorough. Reports with only a basic proof of concept tend to receive about half the typical reward, and those without a working proof of concept typically receive even less. If your report doesn’t indicate how to reproduce the issue, it may not qualify for a bounty. A report for a bounty-eligible issue with a clear scenario that demonstrates the issue is more likely to receive a top reward than a report for the same issue without supporting details.

Have other questions?

Email bounty@brilliantdirectories.com for answers to any other questions.
