Reward: 300 $

Bugcrowd

Bugcrowd orchestrates the creativity of the crowd to solve some of cybersecurity's toughest challenges. Our own security is our highest priority.

If you think you’ve found a security vulnerability in our systems, we invite you to report it to us via our platform. We commit to working with you to get it assessed and handled appropriately, and offer cash rewards for valid, unique vulnerability reports.

This program is for reporting potential security vulnerabilities only. If you want to report a functional bug, require assistance with a submission, or have a general question, please visit our contact page.

We’ve set up a bounty on the Bugcrowd platform called Hack Me!, where you’re welcome to hack as if on a customer’s bounty. Please do not ever test against a real customer’s bounty. As stated in our code of conduct, disruptive testing which affects other Researchers’ access to the testing environment, or adversely impacts a customer’s systems and/or accounts is prohibited.

Our bounty program adheres strictly to Bugcrowd’s Vulnerability Rating Taxonomy – a collaborative, community-driven effort to classify common security vulnerabilities and identify baseline severity ratings based on real findings across hundreds of bug bounty programs. Before submitting your vulnerability, consult the VRT to determine its severity and whether it may be eligible for a reward. Vulnerabilities with a P5 baseline rating according to the VRT are generally not eligible for a bounty. If you’d like to make a suggestion to improve the VRT, you can create an issue on GitHub.

Bonuses

When presented with especially interesting High (P2) or Critical (P1) Priority vulnerabilities – especially if our internal knowledge allows us to identify a much greater impact than what an outside researcher's proof-of-concept may have suggested on its own – we may choose to award an additional bonus amount of up to 100% of the initial reward suggested by our priority guidelines. Such bonuses are always at our discretion.

Scope and rewards

Program rules

This program follows Bugcrowd’s standard disclosure terms.

For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please email support@bugcrowd.com. We will address your issue as soon as possible.

This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.

This program requires explicit permission to disclose the results of a submission.

In Scope

Scope Type        Scope Name
api               api.bugcrowd.com
api               Crowdcontrol
web_application   bugcrowd.com
web_application   docs.bugcrowd.com

Out of Scope

Scope Type        Scope Name
web_application   www.bugcrowd.com
web_application   blog.bugcrowd.com
web_application   forum.bugcrowd.com
web_application   email.bugcrowd.com
web_application   email.forum.bugcrowd.com
web_application   go.bugcrowd.com
web_application   pages.bugcrowd.com
web_application   events.bugcrowd.com
web_application   researcherdocs.bugcrowd.com
web_application   assetinventory.bugcrowd.com
web_application   community.bugcrowd.com


The program was crawled by Firebounty on 2015-06-30 and updated on 2020-04-23; 468 reports have been received so far.