No technology is perfect, and Showmax believes that working with skilled security researchers across the globe is crucial in identifying weaknesses in any technology. If you believe you've found a security issue in our product or service, we encourage you to notify us. We welcome working with you to resolve the issue promptly.

Please refer to Bug Bounty Policy & Scope Page to get understanding of what is in scope and what is not.

You can sign up for a free Showmax account at https://secure.showmax.com/v134.0/website/signup.

Thank you for helping to keep Showmax and our users safe!

Bounty rewards

All confirmed vulnerabilities will be considered, assessed, and if valid then awarded a bounty based on the final severity. We distinguish between two types of valid reports:

• Reports for the main scope of our program

• Showmax blog - https://stories.showmax.com (a Wordpress site hosted on managed Wordpress hosting where we have limited influence on the server security)

Some out of scope reports may also be awarded bounty if we consider them impactful. We are especially interested in Authentication related, Authorization related, SQL injection and Cross Site Scripting basis and Remote Code Execution vulnerabilities. If eligible, the reward will be decided on a case by case basis.