Frequently Asked Question

WebBoss does not have a bug bounty programme in place, but we do have a Vulnerability Disclosure Program (VDP) where you can report issues you may have discovered. The outline of the VDP is as follows:

Please limit your report to the most serious of vulnerabilities.

1. This is a Vulnerability Disclosure Program (VDP) and not a bug bounty.
2. System owners have not given you any permission for recon, scanning or testing.
3. Please contact WebBoss Ltd first before attempting to make contact with individual website owners who use the WebBoss or Instantecom platform.
4. If reporting cross-site scripting, provide details of the browser used for testing such as name and version.
5. Please also report the WebBoss.io version number of the website in question (usually found in the website footer).
6. Once a report has been triaged, we will attempt to contact the affected parties on your behalf. However, this may take a long time. We will keep you informed of any progress so you don’t need to ask for updates.
7. You must comply with all applicable laws.

To submit a report, use the following link: Vulnerability Reporting.