At Recur, security is a primary priority. We think that no technology is flawless, and that collaborating with talented security researchers throughout the world is critical to finding flaws in ours.If you believe you've discovered a security flaw in our service, we'll gladly work with you to quickly repair the problem and make sure you're suitably compensated for your discovery.
This being established, we also expect the community to follow certain guidelines to help us keep the interests of our customers.
- Given the nature of our business and the nascent stage we are in, currently we have an invite-only bug bounty program which we will be expanding to an open one in near future.
- If you are a security researcher who wishes to participate in the program, kindly write to us at firstname.lastname@example.org with subject line “Application for Recur Bug Bounty Program” along with your cyber security credentials (past exploits, certifications, etc.).
- Once requested, we will revert back within 2 business days on the application process to get you on boarded.
- The acceptance to program is subject to open positions and our current bandwidth.
- In case you are not admitted to the program, and we have an opening in future, you will be automatically considered on FCFS, provided you meet certain criterions and notified of your admittance to the program.
- We will refresh the membership every six months, with inactive members getting churned out for new members.
- Once you are accepted to the program, you will receive a detailed documentation of the expectation, scope and rewards for the program. This will be accompanied by official on boarding.
- Researchers are advised not to engage in security testing on any Recur property prior to official on boarding to the program.
For detailed information on Responsible Disclosure Policy, please visit our our policy page