As part of its commitment to enhancing the security of widely used communication
tools, VulnPoint, a prominent player in the cybersecurity bug bounty arena, has
launched a substantial bounty initiative. The company is offering a reward of up to
$300,000 for zero-day exploits that target the Slack application on Windows and MacOS operating systems.
Scope of the Bounty
This bounty specifically seeks to identify fully functional remote code execution (RCE)
exploits that compromise the Slack desktop applications on both Windows and MacOS. To qualify, these exploits must enable remote code execution under regular application usage conditions without requiring any direct interaction from the user.
Requirements for Submission:
- Target Application: The exploit must be effective against the latest version of
the Slack application. - Stealth and Reliability: The exploit should operate in a discreet and reliable
manner, ensuring that there are no indications of exploitation visible to the end-
user. - User Interaction: No user interaction should be required for the exploit to
trigger, including avoiding actions like clicking on links or downloading files. - Documentation: Submissions must be accompanied by the exploit code and a
detailed whitepaper that describes the vulnerability and the exploitation
technique.
Importance of This Bounty
The focus on Slack through this bounty is driven by its critical role in organizational
communication worldwide. With Slack being a central hub for corporate
communications, the potential impact of a security breach could be enormous, affecting not just individual users but entire organizations. By incentivizing the discovery and responsible disclosure of vulnerabilities.
VulnPoint’s Announcement on Twitter
To raise awareness about this significant bounty and encourage participation from the
global security research community, VulnPoint has taken to social media. The company
announced on Twitter:
