Neon’s Bug Bounty Program with HackerOne Goes Public
Doubling down on our commitment to security

At Neon, speed and security go hand in hand. As we continue pushing the boundaries of database technology, we’re opening our platform to the world’s top security researchers to put it to the test. Security isn’t just something we do; it’s built into every layer of Neon. From our infrastructure to our API, we’re committed to creating a robust and resilient platform.
Three months ago, we launched our private bug bounty program on HackerOne. The goal? Identify vulnerabilities, strengthen defenses, and ensure top-tier security, fast. The results? Incredible. Security researchers delivered high-quality reports, helping us harden our platform. Now, we’re taking the next big step: our bug bounty program is officially going public!
Why Public? Why Now?
Security is a shared effort, and we’re taking it to the next level. By opening our bug bounty program to the global security research community, we’re tapping into diverse expertise to uncover vulnerabilities faster, strengthen our defenses, and continuously raise the bar for security.
Neon is growing fast, with more developers and businesses relying on our platform every day. Now is the time to scale our security efforts. The best way to do that? Invite the hackers to challenge our systems and make Neon even more secure.
What’s in Scope?
Our public bug bounty program focuses on web applications and APIs, keeping both staging and production environments available to ensure easy setup for testing. Researchers can sign up like real users to explore the platform and test different flows. To facilitate testing various subscription scenarios with Stripe test cards, we provide access to our staging environment.
- Web Application Security: Hunt for vulnerabilities in our platform’s interface, ensuring a secure experience for all users.
- API Security: Test endpoints for authentication, authorization, and data protection to keep sensitive data locked down. We share a list of API calls and identifiers on the program page.
We’ve streamlined the scope so researchers can dive in fast and make an impact where it matters most.
Rewards for Impact
We value the time and expertise of security researchers, and we’re backing that up with competitive rewards. Depending on severity and impact, bounties range from $150 for low-risk issues to $3000 for critical vulnerabilities. The more critical the issue, the higher the payout.
We’re here to recognize and reward the hard work of hackers who help keep Neon secure. If you find a bug, we’re here to pay you for it.

Join Us on HackerOne
We’re excited to welcome researchers of all skill levels to test Neon and help us build a more secure platform. Think you can break our security? Prove it! Head over to HackerOne for the full program details, scope, and bounty structure.
Security is a team effort, and we’re looking forward to collaborating with the security community to protect our users. Let the hacking begin! 🔥