Solved: Where to submit minor security finding for develop...

Fanicia · 2023-09-28

I have found a minor security issue on developer.spotify.com, and I am wondering where I should disclose it?

The issue isn't with the site itself, but rather that one of the tutorials is teaching developers to do something insecurely. While the security issue is by no means critical, I would like to disclose it non-publicly (just in case) to whoever is able to handle the issue.

I had a look at your Hackerone program, and this seems outside scope of that.

alvaron · 2023-09-29

Hey,

Thanks a lot for reporting this. Could you please write me a private message with your findings? (click on my avatar and then "message")

View solution in original post

mauve_minnow · 2023-09-28

Hi Fanicia, you can share your findings with the Security Bug Bounty program. Spotify works with HackerOne to be sure that reported vulnerabilities are handled and the reporters are recognized for their contributions.

If your issue is outside the scope of that program, then you can report it to the Spotify support team here and they should be able to be sure it's dealt with properly.

Hope this helps!

alvaron · 2023-09-29

Hey,

Thanks a lot for reporting this. Could you please write me a private message with your findings? (click on my avatar and then "message")

Fanicia · 2023-09-29

Great. I've just sent you a DM with my report 🙂

Help categories

Account & Payment

Using Spotify

Listen Everywhere

Where to submit minor security finding for developer.spotify.com?

Where to submit minor security finding for developer.spotify.com?

Suggested posts

Help Wizard

Step 1

Just quickly...

FAQs

Ongoing Issues

Help categories

Account & Payment

Using Spotify

Listen Everywhere

Where to submit minor security finding for developer.spotify.com?

Where to submit minor security finding for developer.spotify.com?

Suggested posts