Bug Bounty Program

Revision: June 2023

Writer has implemented this Bug Bounty Program to encourage the identification and reporting of security vulnerabilities and ensure the continued security of our platform and services.

In-Scope Vulnerabilities

Security vulnerabilities found on:

  • app.writer.com
  • Chrome browser extension
  • Edge browser extension
  • Word plugin
  • Outlook plugin
  • Figma plugin
  • Contentful plugin
  • MacOS desktop application
  • Windows desktop application

Including but not limited to:

  • Cross-site Scripting
  • Cross-site Request Forgery
  • Improper authorization or authentication
  • Injection of malicious code

Out-of-Scope Examples

  • Vulnerabilities on the marketing website writer.com / www.writer.com
  • Vulnerabilities on third-party websites
  • Physical attacks, such as social engineering and denial of service
  • Obtaining data not in the control of the application
  • Vulnerabilities requiring physical proximity
  • Spam or social engineering techniques
  • Vulnerabilities requiring separate authorization other than the application or service
  • Reports from automated tools or scanners
  • Reports about missing best practices
  • Reports concerning techniques or methods not typically deemed security risks, but behaving differently than expected
  • Using a known attack vector to target another user


If you believe you have discovered a valid security vulnerability send email to:


  • A detailed description of the vulnerability, including steps to reproduce
  • Specify the affected URLs
  • If possible, provide proof of concept code
  • How you would like to be paid


Writer values the timely disclosure of potential security vulnerabilities found on our platform and will provide a reward for the reporting of in-scope vulnerabilities that lead to mitigation. Rewards will be based on severity and range from $100 to $1,000 at Writer’s sole discretion.

We reserve the right to modify the terms of this policy at any time and will keep our Bug Bounty Program up to date with the latest changes.

"(Required)" indicates required fields

Contact our sales team
This field is for validation purposes and should be left unchanged.