Bug Bounty Programs

At PDQ our mission is to make device management simple, secure, and pretty damn quick. We know how important the security of our products is. We're a bunch of former sysadmins ourselves. Every decision we make revolves around ensuring our products are safe to use for managing your devices, which is why we have a bug bounty program. It’s a true win-win: We improve the security of our products, and you reap the rewards.

Creators of hit computer game franchises Bloons, Bloons TD and SAS: Zombie Assault for mobile and web. We have offices in Auckland, New Zealand and Dundee, Scotland. We are excited to engage with the security community to help us keep our users safe and our services secure. This is our second Bug Bounty program after a successful campaign in 2021.

Welcome to the Monzo public bug bounty program! 🚀 At Monzo we aim to create a banking service that makes our customers financial lives better and easier. Our mantra is “make money work for everyone” and we mean it! 👍 We have created several apps to provide intuitive, helpful, and enjoyable experiences across our range of products 💖. We won’t sacrifice security though! So if you find a security bug in one of our apps or services, this is the place to report it! Happy hunting!

The Suivo Web Platform provides access to Tracking data from vehicles equiped with Suivo hardware. The platform is built around 4 components: - Real-time Tracking data - Analytics based on historical Tracking data, both in a web view en generated reports - Communication: tasks and messages - Fleet management (Maintenance planning etc.)

Zen by Aikido is an embedded security engine for autonomously protecting applications against common web attacks, like shell injection and SQL injection. We do so by hooking into sinks, validating them together with the incoming user input and in case the request is malicious, we block the request. It's similar to a traditional WAF, but with the full context of the called code and the user's input.

Say unlocks the power of investor communications by working with broker-dealers to connect shareholders with the public companies they invest in.

Democratizing America’s financial system. Invest in stocks, ETFs, options, and cryptocurrencies commission-free. Disclosure: https://robinhood.com/legal

Soundtrack Your Brand offers music streaming services for businesses. We serve small customers like the café around the corner or larger brands like McDonald’s. Through our service customers have total control over the music and can manage locations across the world. We provide a wide variety of playback options, from mobile apps to custom hardware, that our customers use to play music at their venues. They manage their account, music and locations via our web app.

DataCamp’s mission is to democratize data skills for everyone. Companies and teams of every size use DataCamp to close their data skill gaps and make better data-driven decisions. Data science and analytics are rapidly shaping every aspect of our lives and our businesses. There is incredible power in data—but only if you know what to do with it. DataCamp teaches 1,600+ companies and 7 million individuals from 180+ countries the skills they need to work with data in the real world.

AS National Media & Tech (NMT) is a subsidiary of Axel Springer SE, a leading international media company. We develop and operate digital products for Germany’s top news brands, reaching over 50 million users each month. At Axel Springer, we stand for free journalism and unrestricted access to information, allowing people to make free decisions. To protect this, the security of our platforms and users is our top priority. Your contributions help us keep them safe.

Find the FLAG and win Intigriti swag! 🏆

At intigriti, we practice what we preach. We’ve built the platform with the greatest care and attention for security, but all software contains bugs and we are no exception to this rule. We encourage you to responsibly disclose any security vulnerabilities you may encounter and we will reward you accordingly.

Altera is a leading global semiconductor company known for its innovation in programmable logic devices (PLDs), including field-programmable gate arrays (FPGAs), complex programmable logic devices (CPLDs), and related software tools.

Arm is committed to security and welcomes feedback from researchers and the security community to improve its products and services. The Arm Bug Bounty Program represents a partnership between Arm and the research community. At Arm, we value collaboration with security researchers as a critical step toward enhancing the security of our products. We encourage researchers to work with us to identify, mitigate, and responsibly disclose potential security vulnerabilities. We look forward to collaborating with you! This program currently welcomes reports of vulnerabilities in certain versions of: - Firmware: Mali Command Stream Frontend (CSF) Firmware 'CSFFW' - Software: Mali GPU Kernel Driver (Kbase) By submitting your report, you agree to the terms of the Arm Bug Bounty Program. Arm reserves the right to alter the terms and conditions of this program at any time and its sole discretion.

SimScale is a browser-based, online engineering simulation platform that provides powerful modeling and simulation capabilities. With in-browser 3D visualization, scalable on-demand computing capacity, the SimScale platform enables a new way of using simulation technology. SimScale integrates a broad variety of simulation software tools for structural mechanics, fluid dynamics, and thermodynamics. The SimScale team and our partners are constantly expanding the features of the platform.

At Veriff we are passionate about creating a safer environment online. Our mission is to bring transparency to the digital world. We take the security of our systems seriously, and we value the security community. The disclosure of security vulnerabilities helps us ensure the security and privacy of our users. We ask all researchers to follow the guidelines provided.

Lansweeper is an IT asset management software provider helping businesses better understand, manage and protect their IT devices and network. Lansweeper helps customers minimize risks and optimize their IT assets by providing actionable insight into their IT infrastructure at all times, offering trustworthy, valuable, and accurate insights about the state of users, devices, and software.

Delen Private Bank is a family-based specialist in asset management, focused on wealth preservation, growth and careful planning. Our core values - entrepreneurship, personal service and long-term vision – inspire us to apply a proactive yet prudent investment philosophy. Honest, no-nonsense products and services help our clients to enjoy the good and beautiful things in life – both today and tomorrow.

Intergamma is the biggest DIY retailer of The Netherlands and Belgium with three brands: GAMMA Nederland, GAMMA België, and KARWEI. We have almost 400 DIY stores and operate three eCommerce websites. Our strategy is to be the best omnichannel retailer of the Netherlands and Belgium. This means offline and online are converging, and eCommerce is a growth market. Therefore a secure platform is paramount. For more information on our organization please visit https://www.intergamma.nl/

Ubisoft is a leading video game company, the creators of original and immersive worlds like Assassin's Creed, Far Cry, The Crew, Rainbow Six and Watch Dogs. We welcome the reporting of security vulnerabilities that would help us protect our players and assets.

Uphold is a global digital financial platform that enables users to buy, sell, and trade a wide range of assets, including cryptocurrencies, traditional fiat currencies, and precious metals. Operating in 140+ countries and supporting 300+ assets, Uphold provides secure multi-asset trading, instant transactions, and enterprise financial solutions. As a blockchain business, trust and security are fundamental to our success. Our reputation and brand image depend on maintaining the highest security standards, which is why security is a top priority at Uphold. This bug bounty program is a key part of our commitment to proactively identifying and mitigating security risks before they can impact our users or financial systems. As a researcher, you will be analyzing Uphold’s web applications, APIs, and mobile platforms, which facilitate multi-asset trading, financial transactions, and account management. Your contributions will help protect user funds, ensure transaction integrity, and enhance authentication security in a highly regulated financial environment. Review the program scope, rules of engagement, and testing guidelines carefully before submitting a report. We reward well-documented, high-impact security findings that strengthen the safety of our platform and uphold the trust of our users.

Aikido Security is an automated application security platform designed specifically for software engineering teams. We secure your entire stack - code, open-source dependencies, infrastructure, and more and integrate into your existing workflows to provide visibility and control across your entire application infrastructure.

The Coca-Cola Company is proud of our researcher community and the impactful findings they have provided over the years. We are bringing our VDP program to Intigriti to further our community growth and provide some exciting changes around our VDP reward structure. For more information about VDP rewards, please see the FAQ section below.

Tomorrowland is one of the most-loved and best-known music festivals on the planet. Because of this Tomorrowland usually sells out in minutes and manages a large fanbase. Tomorrowland also innovates by providing its visitors cashless onsite payments and a wide range of online services. This has increased Tomorrowland's digital footprint. We value all help we can get securing this digital footprint.