Bug Bounty Programs

With its four brands BMW, MINI, Rolls-Royce and BMW Motorrad, the BMW Group is the world’s leading premium manufacturer of automobiles and motorcycles and also provides premium financial services. Our vehicles and products are tailored to the needs of our customers and constantly enhanced. We place special emphasis on the security, integrity and availability of our data and systems and thus also on those of our customers, employees and partners.

Driessen is a staffing agency for government, education and other vital sectors. We have been working exclusively for vital sectors for 30 years, making us one of the largest staffing agencies in the Netherlands. On our platform users can manage their jobs and employees (for employers). For example: candidates can find jobs and apply; employees can see payslips and send in declarations; employers can open a new job with a new vacancy or a payroll request.

The 9altitudes Vulnerability Disclosure Program (VDP) program to review no-bounty assets. 9altitudes is a European player with the main office in Belgium providing digital transformation for our customers focused on 3 main industry clusters – manufacturing, services, and wholesale & distribution. As a Microsoft Gold partner, we are mostly Microsoft-oriented with some own-IP and are an ever-expending organization by way of merge & acquisition.

Axel Springer SE, headquartered in Berlin, is a leading digital publisher known for its wide range of news outlets, magazines, and classifieds. Embracing digital innovation and transformation, the company prioritizes data protection and system integrity. To bolster its digital ecosystem's security, Axel Springer runs a vulnerability disclosure bug bounty program, encouraging cybersecurity experts to find and report vulnerabilities in its digital environment.

Signicat is Europe's leading provider of digital identity solutions. Our mission is to enable trust in the digital world by providing secure, seamless, and compliant identity solutions. We empower businesses and individuals to verify, authenticate, and manage identities with confidence—ensuring trust at every step of the customer journey, from onboarding to offboarding.

This Bug Bounty program is an official and first program run by Škoda Auto a.s. It is focused on the newest version of MyŠkoda mobile application available for iOS and Android. We appreciate the possibility to work with you either remotely or by joining us at the factory and testing the app within our cars! In advance, we thank you for your time and invite you to step into the era of a proactive approach to cyber security together! Škoda Auto a.s.

Orbia is a purpose-led manufacturing group of companies, passionate about the challenges that define how people will live and thrive tomorrow to deliver strategic, collaborative, and human-centered solutions. As part of our commitment to security, we invite researchers to participate in the disclosure program, helping us ensure protection of our systems. Join us in identifying and reporting vulnerabilities to maintain the highest standards of security for our customers and partners.

Allegro sp. z o.o. (hereinafter referred to as “Allegro”) is a leading online marketplace platform in Poland offering a wide range of products across various categories. Allegro provides a secure, user-friendly interface for customers to shop and sellers to list their items. At Allegro we take security seriously and we believe that working with skilled security researchers is crucial in identifying weaknesses. If you have found a security issue in our service, we encourage you to notify us.

Welcome to the Responsible Vulnerability Disclosure Program of Citymesh. Citymesh is one of the Telecommunication Operators in Belgium. Citymesh helps its customers with the implementation, integration, and maintenance of network infrastructure. Citymesh wants to offer its customers quality connectivity solutions that help them achieve their business goals.

The Coca-Cola Company is proud of our researcher community and the impactful findings they have provided over the years. We are bringing our VDP program to Intigriti to further our community growth and provide some exciting changes around our VDP reward structure. For more information about VDP rewards, please see the FAQ section below.

This is an application which is accessed by bpost contractual customers like Amazon, zalando who can login and track the parcels history which was announced by them to bpost for handling. Only the specific logged in senders can view thier own parcel status, not cross sender accounts.

Kiwa is an autonomous global organization in Testing, Inspection and Certification (TIC), training and consultancy services. We create trust by contributing to the transparency of the quality, safety and sustainability of your organization’s products, services, processes, systems and employees, as well as personal and environmental performance. You have the ambition and we help you to go forward!

Democratizing America’s financial system. Invest in stocks, ETFs, options, and cryptocurrencies commission-free. Disclosure: https://robinhood.com/legal

Say unlocks the power of investor communications by working with broker-dealers to connect shareholders with the public companies they invest in.

One submission and 51,337 reasons to get to it. Cybersecurity is part of our nature and we understand that only by challenging our ways, we get to improve. The Capture Our Flag program is a targeted challenge that leverages Intigriti's core assets: submissions. This ensures our core product is secure at all times, and is a testament to the trust we build with our researchers and to our customers.

Dstny (https://www.dstny.com/) is a leading European innovator in secure cloud communications, driven by our robust UCaaS solutions and cutting-edge technology. We empower service providers, partners, end-users, and third-party services to thrive within our dynamic ecosystem. Participating in a bug bounty program provides a unique opportunity to enhance our cybersecurity by collaborating with a global community of skilled ethical hackers. With over 15000 domain names and IP addresses in our program, we offer a broad and dynamic scope to ensure comprehensive security testing. This proactive approach reinforces our commitment to delivering secure, reliable communication solutions.

At Veriff we are passionate about creating a safer environment online. Our mission is to bring transparency to the digital world. We take the security of our systems seriously, and we value the security community. The disclosure of security vulnerabilities helps us ensure the security and privacy of our users. We ask all researchers to follow the guidelines provided.

Rivian exists to create products and services that help our planet transition to carbon neutral energy and transportation. Rivian designs, develops, and manufactures category-defining electric vehicles and accessories and sells them directly to customers in the consumer and commercial markets. Rivian complements its vehicles with a full suite of proprietary, value-added services that address the entire lifecycle of the vehicle and deepen its customer relationships.

Every day, billions of people come into contact with Bühler technologies to meet their basic needs for food, mobility, and more. Our technologies are in your smartphone, solar panels, diapers, lipstick, banknotes, the food you eat, and the vehicles you drive. We strive to innovate for a better world, with a special focus on healthy, safe, and sustainable solutions. Learn more about Bühler at www.buhlergroup.com.

Advanced Micro Devices, Inc., commonly abbreviated as AMD, is an American multinational semiconductor company based in Santa Clara, California, that develops computer processors and related technologies for business and consumer markets.

Webnode is an amazingly simple website builder. Launched in 2008, it has already helped over 50 million users create their own websites. Webnode has recently been acquired by the number one hosting company in Europe and therefore the product will be used and implemented throughout different brands in Europe.

DHL Group is a global logistics company providing services in express delivery, freight transportation, supply chain management, e-commerce solutions, as well as postal and parcel services. As part of our commitment to security, we invite researchers to participate in our vulnerability disclosure program, helping us ensure protection of our systems. Join us in identifying and reporting potential vulnerabilities to maintain the highest standards of security for our customers and partners.

Revolut is a financial technology company that offers banking services. It offers accounts featuring currency exchange, debit cards, virtual cards, interest-bearing "vaults", commission-free stock trading, crypto, commodities, and other services to over 60M customers. Please visit our website for more information: www.revolut.com

Responsible Disclosure indicates ING’s continued commitment to improve its security posture. As part of this process, we work closely with security researchers to identify and report vulnerabilities they find within our systems. ING appreciates security researchers efforts in reporting vulnerabilities on its systems as long as the discovered vulnerability is in scope, detected without the use of intrusive testing techniques, and follows the disclosure guidelines below: