Help Us Raise the Bar for Security

At Corporate, security is not an afterthought; it is our core design principle. We believe that even the most robust architecture benefits from continuous, independent scrutiny by security experts.

Our Security Partner Program is an invitation to professional security researchers, ethical hackers, and penetration testing firms to help us identify and remediate potential vulnerabilities in the Corporate Framework.

By working together, we can ensure our platform remains one of the most secure foundations for building business-critical applications.

Why Partner with Us?

We value the expertise of the security community and believe in rewarding it. As a partner, you get:

  • A Complex and Interesting Challenge

    Get access to a modern, enterprise-grade platform with a rich feature set, including multi-factor authentication, a full API, and granular access controls, providing a meaningful and challenging target.
  • Direct Collaboration

    Work directly with our core engineering team. We believe in a transparent and collaborative process where your findings are discussed with the engineers who built the system.
  • Recognition and Rewards

    We offer competitive bounties for qualifying vulnerabilities based on their severity and impact.

    We also believe in public recognition (with your permission) on our Acknowledgments page (Hall of Fame).
  • Exclusive Access

    Vetted partners may be invited to review and test new, security-critical features before they are released to the public.

Program Scope and Rules of Engagement

To ensure a productive and safe process, we have defined a clear scope for testing.

In Scope

  • The Corporate Framework (test.corporate.app).
  • The Corporate Framework API (api.test.corporate.app).
  • The Corporate website (www.corporate.net).
  • The Corporate IdP (idp.corporate.net).
  • The Developer Hub (developers.corporate.net).
  • The Partner Portal (partners.corporate.net).
  • The Support Portal (support.corporate.net).

Out of Scope

  • Attacks against applications built and operated by our customers or partners.
  • Denial of Service (DoS) or Distributed Denial of Service (DDoS) attacks.
  • Physical attacks against Corporate's offices or data centers.
  • Social engineering, phishing, or other attacks targeting Corporate's employees, partners, or customers.
  • Using vulnerabilities to access, modify, delete, or store data that does not belong to you.
  • Third-party services that we use.

We are primarily interested in vulnerabilities such as those listed in the OWASP Top 10 (e.g., Injection, Broken Authentication, XSS).


How to Participate

Our program is open to approved security professionals.

  1. Apply to the Program

    Start by submitting an application with information about your background, expertise, and previous research.
  2. Vetting and Approval

    Our security team will review your application. We prioritize researchers with a proven track record.
  3. Report Your Findings

    Once approved, you can submit your findings through our secure disclosure channel. Please provide a detailed report with a clear proof-of-concept.
  4. Validation and Reward

    Our team will validate your finding, determine the severity, and process your bounty and/or recognition.

Ready to Make an Impact?

If you are a security professional who shares our commitment to building a more secure web, we invite you to apply.

Contact our Partnership Team to get started.
