Atlassian
Trello Ongoing Bounty Program Results Report
Pages
11
Time to read
7 mins
Publication
Language
English
This document is a report detailing the results of the Ongoing Bounty Program conducted by Bugcrowd for Trello, covering the period from April 1, 2023, to June 30, 2023. The report outlines the methodology employed, which leverages a crowd of security researchers to identify vulnerabilities in Trello's applications and services. It describes the targets included in the assessment, such as trello.com, various Trello mobile applications, and integrations. The report summarizes the findings, including the number of submissions received, categorized by technical severity. A total of 51 submissions were made, resulting in 14 unique valid issues, with a breakdown of vulnerabilities ranging from critical to low severity. The document also includes insights into the testing methods used and the overall security posture of Trello at the time of assessment. The findings aim to inform Trello about potential security vulnerabilities and provide guidance on remediation steps.