Bug Bounty - Vulnerability discovery

socat

Is there a bug bounty program or some conditions under which users have the freedom to try and detect vulnerabilities in Expensify? Usually it would need the user to register an account with clear "test" username or something, but I am not sure what is the case here - and would not try without permission.

Rachael Hopkins

Hi @socat if you would like to become a Contributor, I recommend you check this out. This is the programme for New Expensify. We don't have an official programme for Expensify.com, but you are always welcome to email Concierge with any concerns.

NikitaKoselev

It looks the "check this out" link above is broken.

I think this link is right https://github.com/Expensify/App/blob/main/contributingGuides/CONTRIBUTING.md

I think your Bug Bounty program is very impressive.

It would be nice if more people knew about it and could contribute.

Is it possible to ask @EddieJaoude to review it in one of his amazing videos?