Bug Bounties

Stripe

Powered by: 

Allows bounty splitting: 

Average time to first program response: 5

Average time to bounty awarded null: 209

Average time to report resolved: 445

Handle stripe

Managed program: true

Name: Stripe

Offers bounties: true

Offers swag: false

Response efficiency percentage: 97

Submission state: open

Url: https://hackerone.com/stripe

Website: https://stripe.com

In scope:

  • Asset identifier: *.getbouncer.com
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: *.indiehackers.com
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: **Only Critical vulnerabilities on this asset are eligible for reward.**
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: *.link.co
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: Link is a simple and secure way to pay in one click on tens of thousands of sites. Save your payment information with Link the first time you check out. Link will autofill your saved card details and shipping addresses for all future purchases on Link-supported sites. Users can manage their saved information on the link.co website. Landing page: https://link.co Main application: https://app.link.co Support page: https://support.link.co
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: *.payable.com
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: **Only Critical vulnerabilities on this asset are eligible for reward.**
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: *.recko.io
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: *.reckoproduction.com
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: *.reckostaging.com
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: *.stripe.com
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: *.touchtechpayments.com
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: **Only Critical vulnerabilities on this asset are eligible for reward.**
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: 978516833
  • Asset type: APPLE_STORE_APP_ID
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: Stripe iOS Dashboard App
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: Stripe Apps
  • Asset type: OTHER
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: Stripe Atlas
  • Asset type: OTHER
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: Startup incorporation Docs: https://stripe.com/docs/atlas
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: Stripe Billing
  • Asset type: OTHER
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: Subscriptions and invoicing Docs: https://stripe.com/docs/billing Sample Billing applications: * [stripe-samples/subscription-use-cases](https://github.com/stripe-samples/subscription-use-cases): Create subscriptions with fixed prices or usage based billing. * [stripe-samples/checkout-single-subscription](https://github.com/stripe-samples/checkout-single-subscription): Learn how to combine Checkout and Billing for fast subscription pages
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: Stripe Capital
  • Asset type: OTHER
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: Stripe Checkout
  • Asset type: OTHER
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: Prebuilt, Stripe hosted checkout page URL: https://checkout.stripe.com/ Docs: https://stripe.com/docs/payments/checkout Sample Checkout applications: * [stripe-samples/checkout-subscription-and-add-on](https://github.com/stripe-samples/checkout-subscription-and-add-on): Uses Stripe Checkout to create a payment page that starts a subscription for a new customer. * [stripe-samples/checkout-one-time-payments](https://github.com/stripe-samples/checkout-one-time-payments): Use Checkout to quickly collect one-time payments.
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: Stripe Climate
  • Asset type: OTHER
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: Stripe Connect
  • Asset type: OTHER
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: Payments for platforms and marketplaces Docs: https://stripe.com/docs/connect Sample Connect applications: * [stripe/stripe-demo-connect-kavholm-marketplace](https://github.com/stripe/stripe-demo-connect-kavholm-marketplace): Demo app for Global Marketplace using Stripe Connect * [stripe/stripe-connect-rocketrides](https://github.com/stripe/stripe-connect-rocketrides): Sample on-demand platform built on Stripe: Connect onboarding for pilots, iOS app for passengers to request rides.
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: Stripe Dashboard
  • Asset type: OTHER
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: A user interface to operate and configure your Stripe account. URL: https://dashboard.stripe.com Docs: https://stripe.com/docs/dashboard/home
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: Stripe Data Pipeline
  • Asset type: OTHER
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: Stripe Elements
  • Asset type: OTHER
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: Secure frontend UI component Docs: https://stripe.com/docs/stripe-js Sample Stripe Elements application: [stripe/elements-examples](https://github.com/stripe/elements-examples): Stripe Elements examples
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: Stripe Financial Connections
  • Asset type: OTHER
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: Stripe Identity
  • Asset type: OTHER
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: Stripe Invoicing
  • Asset type: OTHER
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: Stripe Issuing
  • Asset type: OTHER
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: Card creation Docs: https://stripe.com/docs/issuing
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: Stripe Open Source
  • Asset type: OTHER
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: Open source projects authored or maintained by Stripe. Only non-archived and non-demo/non-sample projects are in scope. Projects forked from upstream sources are not in scope unless the reported functionality is used by Stripe. URL: https://github.com/stripe
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: Stripe Payment Links
  • Asset type: OTHER
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: Stripe Payments
  • Asset type: OTHER
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: Online payments Docs: https://stripe.com/docs/payments Sample Payments application: [stripe-samples/accept-a-card-payment](https://github.com/stripe-samples/accept-a-card-payment): Learn how to accept a basic card payment on web, iOS, Android
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: Stripe Radar
  • Asset type: OTHER
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: Fraud and risk management Docs: https://stripe.com/docs/radar
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: Stripe Revenue Recognition
  • Asset type: OTHER
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: Stripe SDKs
  • Asset type: OTHER
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: Official API libraries URL: https://stripe.com/docs/libraries Terminal SDKs: https://stripe.com/docs/terminal/payments/setup-integration
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: Stripe Sigma
  • Asset type: OTHER
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: Custom reports Docs: https://stripe.com/docs/sigma
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: Stripe Tax
  • Asset type: OTHER
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: Stripe Terminal
  • Asset type: OTHER
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: In-person and omnichannel payments Docs: https://stripe.com/docs/terminal Sample Terminal application: [stripe/stripe-terminal-js-demo](https://github.com/stripe/stripe-terminal-js-demo): Demo app for the Stripe Terminal JS SDK
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: Stripe Treasury
  • Asset type: OTHER
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: api.stripe.com
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: https://stripe.com/docs/api
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: api.taxjar.com
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: We only offer a bounty for High and Critical severity reports. We continue to accept Low and Medium severity reports, but such reports received after 2022-10-14 are no longer eligible for a bounty payment.
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: app.taxjar.com
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: We only offer a bounty for High and Critical severity reports. We continue to accept Low and Medium severity reports, but such reports received after 2022-10-14 are no longer eligible for a bounty payment.
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: com.stripe.android.dashboard
  • Asset type: GOOGLE_PLAY_APP_ID
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: js.stripe.com
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: https://stripe.com/docs/js Sample Stripe.js application: https://github.com/stripe-samples/accept-a-card-payment
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: www.stripe.partners
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: 
  • Max severity: critical