Homebase runs a private, invite-only bug bounty program through Bugcrowd, working with trusted security researchers to find and fix vulnerabilities before they can be exploited.
Overview:
At Homebase, we recognize that no technology is without flaws, and we value the expertise of security researchers around the world in helping us uncover vulnerabilities. Protecting the small businesses and hourly teams who rely on us is a responsibility we take seriously, and coordinated disclosure is a core part of how we do it.
The program operates on an invitation-only basis. Invited researchers get access to the full program brief — scope, rewards, and rules of engagement — and submit, track, and communicate on every report directly within Bugcrowd.
Reporting a vulnerability
Invited researchers
Submit through Bugcrowd
Head to the Homebase engagement on Bugcrowd. Scope, rewards, and testing rules all live there.
Not invited yet
Email our security team
If you discover a security issue, please report it below. Researchers who consistently submit high-quality findings may be invited to join our private bug bounty program, where eligible reports may qualify for a monetary reward.
Either way, please keep your findings confidential until we've had the opportunity to investigate and address them with you. Responsible, coordinated disclosure keeps Homebase secure for everyone who depends on it.