Announcements

Help Wizard

Step 1

NEXT STEP

FAQs

Please see below the most popular frequently asked questions.

Loading article...

Loading faqs...

VIEW ALL

Ongoing Issues

Please see below the current ongoing issues which are under investigation.

Loading issue...

Loading ongoing issues...

VIEW ALL

Where to submit minor security finding for developer.spotify.com?

Solved!

Where to submit minor security finding for developer.spotify.com?

I have found a minor security issue on developer.spotify.com, and I am wondering where I should disclose it?

 

The issue isn't with the site itself, but rather that one of the tutorials is teaching developers to do something insecurely. While the security issue is by no means critical, I would like to disclose it non-publicly (just in case) to whoever is able to handle the issue.

 

I had a look at your Hackerone program, and this seems outside scope of that. 

 

Reply

Accepted Solutions
Marked as solution

Hey,

 

Thanks a lot for reporting this. Could you please write me a private message with your findings? (click on my avatar and then "message")

View solution in original post

3 Replies

Hi Fanicia, you can share your findings with the Security Bug Bounty program. Spotify works with HackerOne to be sure that reported vulnerabilities are handled and the reporters are recognized for their contributions. 

If your issue is outside the scope of that program, then you can report it to the Spotify support team here and they should be able to be sure it's dealt with properly.

Hope this helps!

Marked as solution

Hey,

 

Thanks a lot for reporting this. Could you please write me a private message with your findings? (click on my avatar and then "message")

Great. I've just sent you a DM with my report 🙂

Suggested posts

Let's introduce ourselves!

Hey there you,   Yeah, you! 😁   Welcome - we're glad you joined the Spotify Community!   While you here, let's have a fun game and get…

ModeratorStaff / Moderator/ 4 years ago  in Social & Random