At Neon, security is at the core of everything we do. Our serverless platform was built with a vision for innovation, but we also know that a commitment to security is paramount. That’s why we’re excited to announce the launch of Neon’s Bug Bounty Program in partnership with HackerOne.
We’ve designed this program to engage with talented security researchers and ethical hackers worldwide. By joining forces with HackerOne’s community, we can further enhance our security and maintain the trust our users place in us.
Why Launch a Bug Bounty Program?
A secure database environment is critical for our users. As a company dedicated to open-source technology and continuous improvement, we recognize that cybersecurity threats evolve, and our defenses must be equally dynamic. While our internal security practices are robust, this program reflects our commitment to collaboration, welcoming researchers to help us identify vulnerabilities we might have missed.
Proactive Security Measures: Our 2024 Pentesting Results
This year, we reinforced our security practices by conducting three comprehensive penetration tests across different areas of our infrastructure. These tests resulted in the identification of 58 vulnerabilities, which were promptly resolved within our SLA timelines. Each finding was an opportunity to strengthen our platform, and by addressing them, we have further ensured the reliability of our systems.
Key Features of the Bug Bounty Program
Our private Bug Bounty Program offers security researchers the opportunity to test specific, high-impact areas of our platform. Participants will be rewarded based on the severity and impact of their findings, and our security team is committed to swift communication and resolution for any identified vulnerabilities.
Here’s a brief overview:
- Scope: The program will cover core aspects of our Neon platform, focusing on components crucial to maintaining user security and privacy, such as authentication, data protection, and API security. In addition to the production environment, we’ll also include staging in scope, allowing researchers to test new functionality before it is launched in production. This ensures that potential vulnerabilities are identified and resolved early, reinforcing our commitment to proactive security and safeguarding our users’ trust.
- Rewards: Bounties range from $150 to $3,000, with rewards calculated based on the severity of each vulnerability. We’ll increase the rewards throughout the year based on engagement.
- Response Times: We strive to acknowledge reports within 2 business days, triage within another 10 days, and issue bounty payments within 30 days, depending on the complexity.
Join Us in Our Mission for a Secure Database Platform
Our goal is to create a resilient and secure platform, and we believe this can best be achieved by collaborating with the security community. Through this Bug Bounty Program, we aim to strengthen our platform and continue offering our users a trusted environment for their data.
Security researchers and ethical hackers: we invite you to join us on this journey. Your insights and expertise will be instrumental in helping us fortify Neon and protect our users.
Together, we can make Neon a platform built not only for innovation but also for the highest standards of security.
If you have a HackerOne account, reach out to security@neon.tech with your account URL to be added to the program.
Additionally, if you have found a vulnerability, submit it via this form.
Neon is a serverless Postgres platform that helps you ship faster via instant provisioning, autoscaling, and database branching. We have a generous Free Plan – sign up here.