The Groupize Bug Bounty Program is designed to provide reasonable compensation and incentive to report qualifying vulnerabilities that independent researchers identify with Groupize’s suite of products. Additionally the rules outlined in this program should help to guide the areas of our technical footprint that are eligible for, and ineligible for the payment of a bounty.
In short – we accept vulnerability reports for any publicly-exploitable and, as of yet unidentified, issue with our main suite of products. We do not accept reports for vulnerabilities related to our marketing platforms or websites, including groupize.com, or for base DNS or email configuration.
Security researchers may participate in the Groupize Bug Bounty Program by emailing firstname.lastname@example.org. Please include your name and contact information, the details of the issue you are reporting and any additional information about the vulnerability as you are able to provide. Groupize reserves the right to refuse participant’s requests without sufficient information.
The scope of this program is currently limited to our main application: app.groupize.com
groupize.com, groupizesolutions.com and other websites primarily used for marketing are ineligible for participation in this program.
The following vulnerabilities are not eligible for bounty:
You may be eligible to receive a monetary reward if:
All bounty amounts will be determined at the discretion of the Groupize engineering team who will evaluate each report for severity, impact, and quality. Rewards amounts vary depending upon the severity of the vulnerability reported. There could be submissions that we determine have an acceptable level of risk such that we do not make changes.
The minimum bounty amount for a validated bug submission is $50 USD. Groupize retains the right to determine if the bug submitted to the Bug Bounty Program is eligible. All determinations as to the amount of a bounty made by the Groupize team are final.
You’ll need to submit an invoice to receive payment for any bounty payment in excess of $400 USD or for any individual who has collected more than $400 USD in bounties throughout a fiscal year. Any individual with payments less than that threshold need not send a formal invoice. If required, the invoice has to meet all legal requirements. Groupize accepts the following payment methods.
PayPal email address
First and last name, address, bank name, SWIFT, IBAN number, sort code
Routing and account number
We do not currently support payment via western union, crypto-currency or other alternative payment mechanisms.
It’s important to include at least the following information in the email:
We will investigate legitimate reports and make every effort to quickly correct any vulnerability. A well written report will allow us to more quickly and accurately triage your submission.
There are constraints on who may participate in the Groupize Bug Bounty Program (the “Program”). In addition, there may be additional restrictions depending upon applicable local laws.
Any information you receive or collect about Groupize through the Bug Bounty Program must be kept confidential and only used in connection with the Bug Bounty Program. You may not use, disclose or distribute any such Confidential Information, including, but not limited to, any information regarding your Submission and information you obtain when researching the Groupize sites, without Groupize’s prior written consent.
Explore meeting, travel, expense & reporting modules.
7-day free trials are for organizations seeking to manage their meeting program.
See how Groupize can benefit the meetings and events in your organization.
Use the QR code and experience the Digital Sign-In for HCPs.