Vulnerability Disclosure Program (VDP)
VDPs are meant for responsibly reporting vulnerabilities you encounter — not for actively hunting for fame or reputation. Even if you're just starting out, consider focusing on rewarded bug bounty programs instead.
square
7
In Scope
9
Out of Scope
In-Scope Assets (7)
| Asset | Category | Bounty | Quick Links | |
|---|---|---|---|---|
| Square Register | HARDWARE | No | - | |
| Square Terminal | HARDWARE | No | - | |
| https://apps.apple.com/us/app/square-point-of-sale-pos/id335393788 | IOS | No | - | |
| https://play.google.com/store/apps/details?id=com.squareup&hl=en_US&gl=US | ANDROID | No | ||
| https://square.online | URL | No | ||
| https://squareup.com/ | URL | No | ||
| https://www.weebly.com/ | URL | No |
Out-of-Scope Assets (9)
| Asset | Category | Bounty | |
|---|---|---|---|
| Any vulnerabilities found in Third-party software | URL | No | |
| http://community.squareup.com | OTHER | No | |
| https://afterpay.com | URL | No | |
| https://app.squareupstaging.com/v1/ask-ai/copilot/spotlight/query | OTHER | No | |
| https://cash.me | URL | No | |
| https://designers.weebly.com/ | URL | No | |
| https://itunes.apple.com/us/app/cash-app/id711923939?mt=8 | IOS | No | |
| https://play.google.com/store/apps/details?id=com.squareup.cash | ANDROID | No | |
| https://tidal.com/ | URL | No |