Last Updated: May 2026

If you believe you’ve found a security vulnerability on robessa.com, we encourage you to contact us immediately. We review every legitimate report and aim to resolve issues quickly. Before submitting, please review the fundamentals, our bug-bounty guidelines, reward tiers and the list of non-reportable issues below.

Fundamentals

If you follow these principles when reporting a security issue, Robessa will not initiate legal action or enforcement against you in response to your report. We ask that you:

  • Give us reasonable time to review and fix the issue before disclosing it publicly or sharing it with others
  • Do not interact with or access private accounts without the account owner’s consent
  • Make a good-faith effort to avoid privacy violations, service disruptions or data destruction
  • Do not exploit the issue for any reason — including to demonstrate further risks or access sensitive data
  • Comply with all applicable laws

Bug Bounty Program

Robessa rewards qualifying researchers who identify and responsibly report security vulnerabilities. Bounties are awarded at our discretion based on risk, impact, and report quality.

To potentially qualify for a bounty, you must:

  • Follow the fundamentals listed above
  • Report a valid security issue that poses a real risk to privacy or security
  • Submit your report through our security contact email — please do not contact employees directly
  • Disclose any accidental privacy violations or service disruptions in your report
  • Understand that all valid reports are investigated, but priority is based on risk; a response may take some time
  • Agree that Robessa reserves the right to publish submitted reports

Rewards

Rewards are based on the impact and severity of the vulnerability. Please provide detailed, reproducible steps in your report — issues that cannot be reproduced are not eligible for a bounty. The first valid report of an issue receives the bounty; multiple bugs caused by a single underlying issue are treated as one report.

Critical Severity – $200

  • Remote Code Execution
  • Remote shell or command execution
  • Vertical authentication bypass
  • SQL injection that leaks targeted data
  • Full account takeover

High Severity – $100

  • Lateral authentication bypass
  • Disclosure of sensitive internal data
  • Stored XSS affecting other users
  • Local file inclusion
  • Insecure handling of authentication cookies

Medium Severity – $50

  • Logic or business-process flaws
  • Insecure object references

Low Severity – Recognition Only

  • Open redirects
  • Reflected XSS
  • Low-sensitivity information disclosure

How to Report

Please email security findings to contact@robessa.com with the subject line “Security Report”. Include reproducible steps, affected endpoints, and any proof-of-concept material that helps us validate and fix the issue.

Contact Robessa

  • Address: 112 Prosperity Blvd, Piedmont, SC 29673, United States
  • Phone: +1 212-334-0212
  • Email: contact@robessa.com