About the Studio Bug Bounty Program
At Studio.Design, we have established a Bug Bounty Program to enhance security and provide a safe service for our customers.
The goal of this program is to proactively discover and address previously unknown vulnerabilities in our products, thereby improving our overall security posture.
We offer rewards based on the severity of the reported vulnerability. Please carefully review the contents of this article before participating, as there are certain conditions for receiving a bounty.
This article will cover the program's scope, important notes, and the steps for submitting a vulnerability report.
Scope
All features and content within Studio.Design [ https://app.studio.design/projects ]
Out-of-Scope Vulnerabilities
The following cases are not eligible for a bounty:
Vulnerabilities already known to the company
Vulnerabilities already reported by a third party
Vulnerabilities with publicly disclosed information
Vulnerabilities that cannot be reproduced at the time of reporting
Issues related to URL redirection
Clickjacking vulnerabilities
Display issues on error pages
Issues related to security headers (e.g., CSP)
Replay attacks on specific features
Vulnerabilities that only affect the reporter (e.g., self-contained cross-site scripting)
Server-side application information disclosure
Issues related to the handling of non-SSL cookies
Prohibited Activities
Please do not publicly disclose detailed information about discovered vulnerabilities.
Do not engage in activities that could impact the overall service, such as high-load attacks.
Notes on Reporting
Reports are accepted in Japanese or English only.
Please comply with the following:
Inquiries
For inquiries after submitting a report, please use the chat function within IssueHunt. Note that our chat support cannot handle inquiries regarding vulnerability reports.
Reporting Process
Expect a review period of 1-5 business days for your submission. Please note that we may not approve all submissions, and we will not disclose the reasons for rejection.
Register for an account on IssueHunt (the bug bounty platform).
Access IssueHunt and sign up as a "Researcher." During registration, you will need to agree to IssueHunt's Terms of Service. If you already have an account, proceed to the next step.
Apply to join Studio's program.
While logged into IssueHunt in your browser, access the following URL and click "Join the program."
[ Researcher’s URL ]
Submit your report.
Once your application is approved, you will receive an email notification at the email address you used to register for IssueHunt.
After logging into IssueHunt, you will see "Studio Inc." listed in the program directory. Click on it and submit your report using the provided template.
Following the review of your report, a bounty will be awarded if the eligibility criteria are satisfied.