Private Bug Bounty Program

Homebase runs a private, invite-only bug bounty program through Bugcrowd, working with trusted security researchers to find and fix vulnerabilities before they can be exploited.

Overview:

At Homebase, we recognize that no technology is without flaws, and we value the expertise of security researchers around the world in helping us uncover vulnerabilities. Protecting the small businesses and hourly teams who rely on us is a responsibility we take seriously, and coordinated disclosure is a core part of how we do it.

The program operates on an invitation-only basis. Invited researchers get access to the full program brief — scope, rewards, and rules of engagement — and submit, track, and communicate on every report directly within Bugcrowd.

Reporting a vulnerability

Either way, please keep your findings confidential until we've had the opportunity to investigate and address them with you. Responsible, coordinated disclosure keeps Homebase secure for everyone who depends on it.