Statsig

Statsig is a one-stop shop for product, engineering, and data teams to come together.

Web2

Bounty

Please visit the official website for the latest information.

Bug Bounty at Statsig

Our primary focus is on high/critical findings that result in unauthorized access to user data. These are eligible for bounties. We don’t prioritize bugs that allow an attacker to bypass limits on free accounts, exceed rate limits or use simple passwords. These are not eligible for a bounty.

If your bug is enough to make our security team’s skin crawl and is accepted as eligible for the bounty, the base payment is $100 per bug.

But if you find a really nasty type, the bounty goes higher. A panel of Statsig experts will consider the criticality of the bug (as well as its neatness) and determine bounty.

Recommended Blogs

Securing NASA For Certificate📜 P3 Vulnerability

Manan Sanghvi

•

Jan 26, 2025

In under age (<18), How I Hacked Multi- Billion-Dollar-Corp and got first 4 fig. $2600 Bounty!

Manan Sanghvi

•

Dec 10, 2023

RCE via Apache Struts2 - Still out there

Abhishek

•

Feb 27, 2020