Rumble Bug Bounty Program


Rumble is committed to maintaining the highest security standards. Through our Bug Bounty Program, we expect to collaborate with security researchers who share this commitment and contribute to keeping Rumble safe and secure.

How to report

You can report security vulnerabilities by sending email at this email address

Scope

The following domains are in scope for our bug bounty program:

  1. *.rumble.com
  2. *.rumble.cloud
  3. *.locals.com

Out of scope

  1. Social engineering attacks
  2. Denial of service attacks

Reward

We evaluate reports based on severity, impact and quality of the report. Typically the maximum reward in our bug bounty program is one thousand ($1,000) USD. However, if a particular reported bug is extremely damaging in nature, we will go above that amount.

Report quality

Report quality is one of the factors when determining rewards. We expect each report to include the following:

  1. Vulnerability description
  2. Severity
  3. Impact
  4. Steps to reproduce (URLs, shell commands, screenshots, video)
  5. Recommendation

Payments

Payments are made directly to the reporter's Rumble account. The reporter will then be able to initiate a payment to PayPal.

Rumble logo