Security Bounty Program

At KeyCDN, we’re huge advocates of security. Whenever a new security vulnerability appears, we take it very seriously and rectify the problem as quickly as possible. Whether it be implementing new features to help keep your account secure, hardening our infrastructure to better protect against attacks, or writing articles revolving around how to improve web security in general, this topic is very important to us.

That’s why we’ve launched a security bounty program that rewards anyone who discovers a security vulnerability related directly to KeyCDN.

Bounty Program

The KeyCDN bounty program gives online security researchers the chance to be rewarded for identifying security vulnerabilities. A researcher who identifies a valid vulnerability and notifies us of it is compensated based on the severity level of the vulnerability. There are 2 different severity levels:

  • Non-critical – Researchers reporting any non-critical bugs that can be verified by KeyCDN will receive $100 in monetary compensation, paid via PayPal.
  • Critical – Researchers reporting any critical bugs that can be verified by KeyCDN will receive $500 in monetary compensation, paid via PayPal.

In order to be eligible for compensation, the bugs must not have been previously reported.

Vulnerabilities Excluded from the Bounty Program

Certain bugs or vulnerabilities are excluded from KeyCDN’s security bounty program. These include the following:

  • BEAST vulnerability
  • Clickjacking
  • Path disclosure
  • Information disclosure
  • Open directory listing
  • Application errors
  • Username listing and enumeration
  • HttpOnly cookie disclosure
  • Clear sessions after password change
  • CSRF bypass
  • Self-XSS
  • CORS
  • DNSSEC
  • DMARC

Reporting a Security Issue

If you believe that you have identified a valid security issue, contact us via the KeyCDN contact page. Please explain the vulnerability in detail so that we can accurately assess the severity of the bug.

A member of the KeyCDN support team will get back to you as soon as possible to either ask for more details or compensate your research with a bounty.

Taking advantage of this program helps improve the overall security of all KeyCDN users while providing compensation to valued researchers who help us make the web a safer place.

Keeping Your KeyCDN Account Secure

If you’re not a security expert but want to learn more about what steps you can take to harden your KeyCDN account security, check out our following articles.