Bug Bounty Programs

Grafana Labs is the company behind Grafana, Loki, Mimir and Tempo, the leading open source software for visualizing operational data. We are thrilled to invite you to participate in our bug bounty program in partnership with Grafana Labs' security team. Before beginning your research, we kindly request that you carefully review this program's scope. This will ensure that your efforts align with our objectives and that you receive proper compensation for any findings that meet the program's criteria. Happy hacking!

Cloudways by DigitalOcean is a managed web hosting platform that specialises in providing an easy-to-manage environment for web applications.

DigitalOcean, LLC. is an American multinational technology company and cloud service provider. DigitalOcean simplifies cloud computing so developers and businesses can spend more time building software that changes the world.

House of HR is a leading HR services group active all over Europe. Our entrepreneurial spirit drives us to provide specialized solutions in two key segments: Specialized Talent Solutions and Engineering & Consulting. Our decentralized model empowers rapid decision-making across our Powerhouses. If you find a security bug in one of our apps, this is the place to report it! Happy hunting! 🏹

The BMW Group looks forward to working with the security community to find vulnerabilities in order to keep its products and customers safe and secure. We are committed to working with you to verify, reproduce, and respond to legitimate reported vulnerabilities covered by this policy. Within this program bounties can be received by reporting vulnerabilities that are in the scope of program and marked as “Eligible”. Please take note of the current scope outlined below.

With its four brands BMW, MINI, Rolls-Royce and BMW Motorrad, the BMW Group is the world’s leading premium manufacturer of automobiles and motorcycles and also provides premium financial services. Our vehicles and products are tailored to the needs of our customers and constantly enhanced. We place special emphasis on the security, integrity and availability of our data and systems and thus also on those of our customers, employees and partners.

Driessen is a staffing agency for government, education and other vital sectors. We have been working exclusively for vital sectors for 30 years, making us one of the largest staffing agencies in the Netherlands. On our platform users can manage their jobs and employees (for employers). For example: candidates can find jobs and apply; employees can see payslips and send in declarations; employers can open a new job with a new vacancy or a payroll request.

The 9altitudes Vulnerability Disclosure Program (VDP) program to review no-bounty assets. 9altitudes is a European player with the main office in Belgium providing digital transformation for our customers focused on 3 main industry clusters – manufacturing, services, and wholesale & distribution. As a Microsoft Gold partner, we are mostly Microsoft-oriented with some own-IP and are an ever-expending organization by way of merge & acquisition.

Axel Springer SE, headquartered in Berlin, is a leading digital publisher known for its wide range of news outlets, magazines, and classifieds. Embracing digital innovation and transformation, the company prioritizes data protection and system integrity. To bolster its digital ecosystem's security, Axel Springer runs a vulnerability disclosure bug bounty program, encouraging cybersecurity experts to find and report vulnerabilities in its digital environment.

Signicat is Europe's leading provider of digital identity solutions. Our mission is to enable trust in the digital world by providing secure, seamless, and compliant identity solutions. We empower businesses and individuals to verify, authenticate, and manage identities with confidence—ensuring trust at every step of the customer journey, from onboarding to offboarding.

This Bug Bounty program is an official and first program run by Škoda Auto a.s. It is focused on the newest version of MyŠkoda mobile application available for iOS and Android. We appreciate the possibility to work with you either remotely or by joining us at the factory and testing the app within our cars! In advance, we thank you for your time and invite you to step into the era of a proactive approach to cyber security together! Škoda Auto a.s.

Orbia is a purpose-led manufacturing group of companies, passionate about the challenges that define how people will live and thrive tomorrow to deliver strategic, collaborative, and human-centered solutions. As part of our commitment to security, we invite researchers to participate in the disclosure program, helping us ensure protection of our systems. Join us in identifying and reporting vulnerabilities to maintain the highest standards of security for our customers and partners.

Allegro sp. z o.o. (hereinafter referred to as “Allegro”) is a leading online marketplace platform in Poland offering a wide range of products across various categories. Allegro provides a secure, user-friendly interface for customers to shop and sellers to list their items. At Allegro we take security seriously and we believe that working with skilled security researchers is crucial in identifying weaknesses. If you have found a security issue in our service, we encourage you to notify us.

Welcome to the Responsible Vulnerability Disclosure Program of Citymesh. Citymesh is one of the Telecommunication Operators in Belgium. Citymesh helps its customers with the implementation, integration, and maintenance of network infrastructure. Citymesh wants to offer its customers quality connectivity solutions that help them achieve their business goals.

The Coca-Cola Company is proud of our researcher community and the impactful findings they have provided over the years. We are bringing our VDP program to Intigriti to further our community growth and provide some exciting changes around our VDP reward structure. For more information about VDP rewards, please see the FAQ section below.

This is an application which is accessed by bpost contractual customers like Amazon, zalando who can login and track the parcels history which was announced by them to bpost for handling. Only the specific logged in senders can view thier own parcel status, not cross sender accounts.

Kiwa is an autonomous global organization in Testing, Inspection and Certification (TIC), training and consultancy services. We create trust by contributing to the transparency of the quality, safety and sustainability of your organization’s products, services, processes, systems and employees, as well as personal and environmental performance. You have the ambition and we help you to go forward!

Democratizing America’s financial system. Invest in stocks, ETFs, options, and cryptocurrencies commission-free. Disclosure: https://robinhood.com/legal

Say unlocks the power of investor communications by working with broker-dealers to connect shareholders with the public companies they invest in.

One submission and 51,337 reasons to get to it. Cybersecurity is part of our nature and we understand that only by challenging our ways, we get to improve. The Capture Our Flag program is a targeted challenge that leverages Intigriti's core assets: submissions. This ensures our core product is secure at all times, and is a testament to the trust we build with our researchers and to our customers.

Dstny (https://www.dstny.com/) is a leading European innovator in secure cloud communications, driven by our robust UCaaS solutions and cutting-edge technology. We empower service providers, partners, end-users, and third-party services to thrive within our dynamic ecosystem. Participating in a bug bounty program provides a unique opportunity to enhance our cybersecurity by collaborating with a global community of skilled ethical hackers. With over 15000 domain names and IP addresses in our program, we offer a broad and dynamic scope to ensure comprehensive security testing. This proactive approach reinforces our commitment to delivering secure, reliable communication solutions.

At Veriff we are passionate about creating a safer environment online. Our mission is to bring transparency to the digital world. We take the security of our systems seriously, and we value the security community. The disclosure of security vulnerabilities helps us ensure the security and privacy of our users. We ask all researchers to follow the guidelines provided.

Freepik’s mission is to push the boundaries of artificial intelligence to empower creativity worldwide. We are developing cutting-edge AI projects that reimagine how people create, design, and interact with visual content, making creativity more accessible, faster, and smarter. While innovation is at the core of what we do, we also recognize the importance of building securely. We value the work of the security research community in making the internet a safer place. Although our dedicated team applies the best security practices to prevent potential vulnerabilities, we want to open the door for the community to contribute to this effort.

Rivian exists to create products and services that help our planet transition to carbon neutral energy and transportation. Rivian designs, develops, and manufactures category-defining electric vehicles and accessories and sells them directly to customers in the consumer and commercial markets. Rivian complements its vehicles with a full suite of proprietary, value-added services that address the entire lifecycle of the vehicle and deepen its customer relationships.