45466 policies in database
Link to program      
2016-07-21
2020-04-11
Sophos logo
Thank
Gift
HOF
Reward

Reward

100 $ 

Sophos

Program Overview

At Sophos, we understand the effort that goes into security research. To show our appreciation to researchers who help keep our products and our customers safe, we are glad to introduce a Responsible Disclosure Program to provide recognition and rewards for responsibly disclosed vulnerabilities.

Sophos rewards the responsible disclosure of any identified and confirmed security vulnerability that could be used to compromise the confidentiality or integrity of our Sophos or users' data (such as by bypassing our authentication or authorization process, privilege escalation, or instigating action on another user's behalf). Kudos rewards and recognition in the Sophos Security Hall of Fame may be provided for the disclosure of qualifying bugs, depending on severity and creativity of identified issues. Sophos may also award company swag for qualifying issues. Additionally, please see the "Monetary Rewards" section below for details on monetized vulnerability reports.

The scope of this program is limited to technical security vulnerabilities in Sophos owned websites, applications, products, and software. Additionally, in general no credentials or product keys will be provided for this program - all testing is to be performed using self-provisioned credentials against legally obtained Sophos products (including free trials). See the section Credentials for more details.
For a more detailed description of our scope for endpoint software, see the section Special Targets for details.

This program largely adheres to the Bugcrowd Vulnerability Rating Taxonomy for the rating/prioritization of findings.

We do however NOT accept SPF/DKIM/DMARC issues at this point in time.

Scope and rewards

Program rules

This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.

In Scope

Scope Type Scope Name
undefined

XG Firewall

undefined

Intercept X Endpoint

undefined

Sophos Central

undefined

Any Other Sophos Product or Service

undefined

XG Firewall - Pre-auth RCE

web_application

*.sophos.com

web_application

*.hitmanpro.com

web_application

*.reflexion.net

web_application

*.astaro.com

web_application

*.cyberoam.com

Out of Scope

Scope Type Scope Name
web_application

*.ddns.cyberoam.com

web_application

tickets.reflexion.net

web_application

app.reflexion.net

web_application

autodiscover.hitmanpro.com

web_application

*eventreg.sophos.com

web_application

events.sophos.com

web_application

lyncdiscover.hitmanpro.com

web_application

mev.hitmanpro.com

web_application

*.releaseportal.cyberoam.com

web_application

shop.hitmanpro.com

web_application

sip.hitmanpro.com

web_application

sophos.atlassian.net (Public service desk)

web_application

support.hitmanpro.com

web_application

surveys.sophos.com


This program can reward you in USD, up to 20000 $.

FireBounty © 2015-2024

Legal notices | Privacy policy