Bug Bounty Programs

Below is a list of public bug bounty programs. Through a bug bounty program, companies can tap into a global network of ethical hackers who continuously test a wide range of digital assets within the defined scope.

Bug bounty programs reward ethical hackers with financial incentives when valid vulnerabilities are discovered.

Meshtastic

An open source, off-grid, decentralized, mesh network built to run on affordable, low-power devices. Hey Hackers! If you met us at DEF CON, thank you for your interest in this program. This program can be used to disclose any vulnerabilities found on the devices handed out during the Con.

Responsible disclosure

Dropbox Vulnerability Disclosure Program

Software

Dropbox invites security researchers to responsibly disclose security vulnerabilities in its services via a structured VDP. Unlike its bug bounty program, this VDP does not offer monetary rewards, though Dropbox may offer discretionary “thank you” bonuses or inclusion in a public hall of fame. The program emphasizes legal protections, timely handling of submissions, and a communication channel for responsible disclosures that are not seeking a reward.

Responsible disclosure

Dropbox Bug Bounty

Software

Welcome to the Dropbox Bug Bounty program — where your curiosity helps keep millions of users safe. At Dropbox, we take security seriously, and we know the best defenses are built with input from the wider security community. Whether you're diving into our apps, APIs, or backend systems, your expertise plays a critical role in protecting the data people trust us with every day. We reward creativity, precision, and clear reporting — and we’re here to support you along the way. Be sure to check out our scope, rules, and submission guidelines before getting started. Let’s work together to make Dropbox even more secure — one bug at a time.

Bug bounty program

$100 – $15,000

Proof.com VDP

Software

Proof℠ is the world's first identity-assured transaction management platform. Developed by the same market leaders and experts who brought notarization online with Notarize℠, Proof offers trust in a digital world by verifying identities and securing transactions to protect your business and its customers. When risk is low and speed matters, get it signed. When the law dictates it, get it notarized. When trust matters, you need Proof. Welcome to our public vulnerability disclosure page! This program is sponsored by the Information Security team. We look forward to your submissions.

Responsible disclosure

Coveo VDP

Software

Welcome to the Coveo VDP. Coveo uses AI-powered search and recommendations to deliver personalized experiences across websites, apps, and enterprise systems. By ingesting and analyzing data, we help organizations provide relevant content and insights to their users through our search services. Why are we of interest to a bug bounty researcher like yourself? Our platform is complex and runs a variety of interesting features. We have dozens of automated crawlers that will connect to any website/service you point them to, we allow customers to run Python code directly in our infrastructure, we have 20+ years of experience in AI and are at the forefront of the latest secure GenAI deployments. If you think you can find flaws in these features or any other, welcome aboard! Additionally, reporters with high quality findings/reports will be invited into our private bug bounty program with higher rewards.

Responsible disclosure

2FA Required

Arm

Manufacturing Consumer

Arm is committed to security and welcomes feedback from researchers and the security community to improve its products and services. The Arm Bug Bounty Program represents a partnership between Arm and the research community. At Arm, we value collaboration with security researchers as a critical step toward enhancing the security of our products. We encourage researchers to work with us to identify, mitigate, and responsibly disclose potential security vulnerabilities. We look forward to collaborating with you! This program currently welcomes reports of vulnerabilities in certain versions of:

- Firmware: Mali Command Stream Frontend (CSF) Firmware 'CSFFW'
- Software: Mali GPU Kernel Driver (Kbase)

By submitting your report, you agree to the terms of the Arm Bug Bounty Program. Arm reserves the right to alter the terms and conditions of this program at any time and at its sole discretion.

Bug bounty program

$500 – $20,000

Exact Vulnerability Disclosure Program

Software

Exact is the business software market leader in the Benelux. We are the go-to provider for companies looking to automate their accounting, financial, ERP, HRM and CRM processes. We also offer a range of industry-specific solutions to fully manage all of your business process needs. Exact Online (Premium) is currently in an invite-only Bug Bounty Program. For a complete view of Exact products: https://www.exact.com/products & https://www.exact.com/products/accountancy

Responsible disclosure

HRS Group VDP

Leisure and Hospitality

As a pioneering force in the business travel sector, our company has redefined the landscape of corporate lodging and travel management through our innovative Lodging-As-A-Service platform. We facilitate seamless and secure experiences in lodging procurement, workspace management, and financial transactions for our global clientele. In an era marked by rapid technological advancements and stringent data protection standards, our commitment to maintaining robust information security is not only a regulatory mandate but a cornerstone of our customer trust and business excellence. Our purpose is to revolutionize the business travel experience through our Lodging-As-A-Service platform, providing seamless, secure, and efficient lodging management, workspace solutions, and payment processing for businesses operating globally.

Responsible disclosure

Zabka Group Vulnerability Disclosure Program

Retail

Żabka Group is the ultimate convenience ecosystem that aims to make people’s lives easier. We accompany consumers at every moment of the day, freeing up their time through the possibility of convenient grocery shopping, having a hot meal on the go, sending a package, withdrawing cash or taking advantage of dietary catering with delivery. We are aware that, despite our greatest efforts, our knowledge may not be sufficient to keep us safe. Therefore we started our vulnerability disclosure program because we believe that working closely with skilled security researchers is beneficial for all parties.

Responsible disclosure

Donorbox VDP

Financial Services and Insurance

Donorbox is a technology company established in 2014. The company provides an online fundraising platform enabling individuals and nonprofit organizations to facilitate online donations. The platform is utilized by various types of organizations, including charities, religious institutions, schools, animal welfare groups, political campaigns, among others.

Responsible disclosure

RGF BE - VDP

Business and Professional Services

RGF Staffing Belgium is part of global player RGF Staffing, one of the world's largest HR services providers, with activities in Australia, Asia, Europe and North America. With a focus on digital platforms, we allow our candidates & customers to use the self-service solutions we provide. As an HR company, a lot of PII-data is managed internally. We want to be an example within the market to guarantee the confidentiality of our data, following the highest information security & privacy standards.

Responsible disclosure

Arbonia VDP program

Construction

We are happy to relaunch our public VDP program! We've done our best to clean up our issues and now would like to request your help to spot the ones we missed! We start with just a few domains and want to continuously increase our scope at regular intervals. So keep checking this page from time to time to see if there is anything new to find. ⚠️ Only submissions that follow the Rules of Engagement (e.g., using an intigriti.me email) and are not Out of Scope will be considered valid. Actions like mail bombing, denial of service, changing/removing data or parameters, or interfering with asset functionality are strictly forbidden and not protected by the safe harbor clause. Always aim to prevent harm, review all relevant sections before starting and follow the rules of engagement. Arbonia is one of the world's leading interior brands for doors, showers, and dividing systems made from wood, glass and metal. The company, which is listed on the SIX Swiss Exchange, is active as a leading supplier in Western, Central, and Eastern Europe with its own distribution companies. Its main production sites are located in Switzerland, Germany, Poland, Spain, Czech Republic, Portugal, and France. A total of around 3'700 employees work for Arbonia.

Responsible disclosure

Altera

Manufacturing Consumer

Altera is a leading global semiconductor company known for its innovation in programmable logic devices (PLDs), including field-programmable gate arrays (FPGAs), complex programmable logic devices (CPLDs), and related software tools.

Bug bounty program

$500 – $30,000

Monzo Public Bug Bounty Program

Financial Services and Insurance

Welcome to the Monzo public bug bounty program! 🚀 At Monzo we aim to create a banking service that makes our customers' financial lives better and easier. Our mantra is “make money work for everyone” and we mean it! 👍 We have created several apps to provide intuitive, helpful, and enjoyable experiences across our range of products 💖. We won’t sacrifice security though! So if you find a security bug in one of our apps or services, this is the place to report it! Happy hunting!

Bug bounty program

£50 – £12,500

OVO VDP

Energy Utilities and Waste

Who is OVO? - We launched in 2009 with a belief that energy could be better. We’re helping UK homes on the Path to Zero. https://www.ovoenergy.com/about What do we do? - OVO is a leading energy technology company determined to create a world with clean, affordable energy for everyone. Relationship to bug bounty? - No technology is perfect and OVO believes that working with skilled security researchers across the globe is crucial in identifying weaknesses in any technology.

Responsible disclosure

Aikido Security: Zen by Aikido

Software

Zen by Aikido is an embedded security engine for autonomously protecting applications against common web attacks, like shell injection and SQL injection. We do so by hooking into sinks, validating them together with the incoming user input and in case the request is malicious, we block the request. It's similar to a traditional WAF, but with the full context of the called code and the user's input.

Bug bounty program

€100 – €3,500

Aikido Security: Bug Bounty Program

Software

Aikido Security is an automated application security platform designed specifically for software engineering teams. We secure your entire stack - code, open-source dependencies, infrastructure, and more and integrate into your existing workflows to provide visibility and control across your entire application infrastructure.

Bug bounty program

€50 – €2,500

Grafana Labs

Software

Grafana Labs is the company behind Grafana, Loki, Mimir and Tempo, the leading open source software for visualizing operational data. We are thrilled to invite you to participate in our bug bounty program in partnership with Grafana Labs' security team. Before beginning your research, we kindly request that you carefully review this program's scope. This will ensure that your efforts align with our objectives and that you receive proper compensation for any findings that meet the program's criteria. Happy hacking!

Bug bounty program

$10 – $15,000

Cloudways by DigitalOcean

Software

Cloudways by DigitalOcean is a managed web hosting platform that specialises in providing an easy-to-manage environment for web applications.

Bug bounty program

$50 – $4,000

DigitalOcean

Software

DigitalOcean, LLC. is an American multinational technology company and cloud service provider. DigitalOcean simplifies cloud computing so developers and businesses can spend more time building software that changes the world.

Bug bounty program

$50 – $10,000

House of HR Vulnerability Disclosure Program

Business and Professional Services

House of HR is a leading HR services group active all over Europe. Our entrepreneurial spirit drives us to provide specialized solutions in two key segments: Specialized Talent Solutions and Engineering & Consulting. Our decentralized model empowers rapid decision-making across our Powerhouses. If you find a security bug in one of our apps, this is the place to report it! Happy hunting! 🏹

Responsible disclosure

BMW Group Automotive

Manufacturing Consumer

The BMW Group looks forward to working with the security community to find vulnerabilities in order to keep its products and customers safe and secure. We are committed to working with you to verify, reproduce, and respond to legitimate reported vulnerabilities covered by this policy. Within this program, bounties can be received by reporting vulnerabilities that are in the scope of the program and marked as “Eligible”. Please take note of the current scope outlined below.

Bug bounty program

€100 – €15,000

BMW Group

Manufacturing Consumer

With its four brands BMW, MINI, Rolls-Royce and BMW Motorrad, the BMW Group is the world’s leading premium manufacturer of automobiles and motorcycles and also provides premium financial services. Our vehicles and products are tailored to the needs of our customers and constantly enhanced. We place special emphasis on the security, integrity and availability of our data and systems and thus also on those of our customers, employees and partners.

Bug bounty program

€150 – €6,000

Driessen Vulnerability Disclosure Program

Business and Professional Services

Driessen is a staffing agency for government, education and other vital sectors. We have been working exclusively for vital sectors for 30 years, making us one of the largest staffing agencies in the Netherlands. On our platform users can manage their jobs and employees (for employers). For example: candidates can find jobs and apply; employees can see payslips and send in declarations; employers can open a new job with a new vacancy or a payroll request.

Responsible disclosure