Launch rate
Skip to content

Security - responsible disclosure

Help protect job seekers. Get RoleWorth credits after validation.

This program rewards good-faith reports with RoleWorth promo credits and consent-based public recognition. Rewards are paid in promo credits only - not cash, not gift cards, not bank transfers. Credits cannot be farmed through duplicate reports and clear only after triage and a confirmed fix. Public credit on the leaderboard is consent-based and verified.

critical

750

RoleWorth promo credits after validation. Credits only, not cash.

Critical Finder

high

300

RoleWorth promo credits after validation. Credits only, not cash.

High Impact Finder

medium

100

RoleWorth promo credits after validation. Credits only, not cash.

Verified Finder

low

25

RoleWorth promo credits after validation. Credits only, not cash.

In scope

  • auth
  • billing
  • supabase_rls
  • referrals
  • credits
  • extension
  • ai
  • workflow
  • privacy
  • docs

Out of scope

  • DDoS or resource exhaustion
  • social engineering
  • physical attacks
  • spam-only reports without security impact
  • self-XSS without user impact
  • public disclosure before fix
  • third-party platforms not owned by RoleWorth

Report template

Title
Severity guess
Affected feature
Affected URL
Steps to reproduce
Expected behavior
Actual behavior
Evidence URLs
Public credit consent

SLA target: Critical/High acknowledgment in 24-48h; Medium/Low in 72h. Public disclosure before fix is out of scope.

Report tool

Submit a security issue

High and critical reports require evidence URLs. Public credit is consent-only after validation and fix.

My reports

Validation trail

Loading...