We're eternally grateful for all of those who put in hard work to identify weaknesses within Buffer. Depending on the potential severity of a report, we like to reward those who responsibly disclose vulnerabilities with an acknowledgement, swag and bounty money.
We appreciate the work that goes into finding and disclosing security flaws in Buffer and would like to thank the following individuals and organizations:
We've been working closely with Egor and his team at Sakurity to identify key weaknesses within our app. They've continuously proven to be experts in identifying OAuth weaknesses. They have helped us identify and resolve potential security holes such as account hijacking, access token leaks, XSS and CSRF exploits.