Bug Bounty Programs

Arm is committed to security and welcomes feedback from researchers and the security community to improve its products and services. The Arm Bug Bounty Program represents a partnership between Arm and the research community. At Arm, we value collaboration with security researchers as a critical step toward enhancing the security of our products. We encourage researchers to work with us to identify, mitigate, and responsibly disclose potential security vulnerabilities. We look forward to collaborating with you! This program currently welcomes reports of vulnerabilities in certain versions of: - Firmware: Mali Command Stream Frontend (CSF) Firmware 'CSFFW' - Software: Mali GPU Kernel Driver (Kbase) By submitting your report, you agree to the terms of the Arm Bug Bounty Program. Arm reserves the right to alter the terms and conditions of this program at any time and its sole discretion.

Exact Exact is the business software market leader in the Benelux. We are the go to provider for companies looking to automate their accounting, financial, ERP, HRM and CRM processes. We also offer a range of industry specific solutions to fully manage all of your business processes needs. Exact Online (Premium), is currently in an invite-only Bug Bounty Program. For a Complete view on Exact Products - https://www.exact.com/products & https://www.exact.com/products/accountancy

Nexuzhealth is the Flemish market leader for the creation, implementation and maintenance of centralised electronic health records (EHR). By offering medical data in a transparent and unambiguous way to hospitals, doctors, home nurses and patients, nexuzhealth wants to contribute to the quality of care with digital solutions.

Nexuzhealth is the Flemish market leader for the creation, implementation and maintenance of centralised electronic health records (EHR). By offering medical data in a transparent and unambiguous way to hospitals, doctors, doctors and patients, nexuzhealth wants to contribute to the quality of care with digital solutions.

As a pioneering force in the business travel sector, our company has redefined the landscape of corporate lodging and travel management through our innovative Lodging-As-A-Service platform. We facilitate seamless and secure experiences in lodging procurement, workspace management, and financial transactions for our global clientele. In an era marked by rapid technological advancements and stringent data protection standards, our commitment to maintaining robust information security is not only a regulatory mandate but a cornerstone of our customer trust and business excellence. Our purpose is to revolutionize the business travel experience through our Lodging-As-A-Service platform, providing seamless, secure, and efficient lodging management, workspace solutions, and payment processing for businesses operating globally.

Żabka Group is the ultimate convenience ecosystem that aims to make people’s lives easier. We accompany consumers at every moment of the day, freeing up their time through the possibility of convenient grocery shopping, have a hot meal on the go, send a package, withdraw cash or take advantage of a dietary catering with delivery. We are aware, that despite our greatest efforts, our knowledge may not be sufficent to keep us safe. Therefore we started our vulnerability disclosure program because we believe that working closely with skilled security researchers is beneficial to for all parties.

Donorbox is a technology company established in 2014. The company provides an online fundraising platform enabling individuals and nonprofit organizations to facilitate online donations. The platform is utilized by various types of organizations, including charities, religious institutions, schools, animal welfare groups, political campaigns, among others.

RGF Staffing Belgium is part of global player RGF Staffing, one of the world's largest HR services providers, with activities in Australia, Asia, Europe and North America. With a focus on digital platforms, we allow our candidates & customers using selfservice solutions we provide. As an HR company, a lot of PII-data is managed internally. We want to be an example within the market to guarantee the confidentiality of our data, following the highest information security & privacy standards.

We are happy to relaunch our public VDP program! We've done our best to clean up our issues and now would like to request your help to spot the ones we missed! We start with just a few domains and want to continously increase our scope at regular intervals. So keep checking this page from time to time to see if there is anything new to find. ⚠️ Only submissions that follow the Rules of Engagement (e.g., using an intigriti.me email) and are not Out of Scope will be considered valid. Actions like mail bombing, denial of service, changing/removing data or parameters, or interfering with asset functionality are strictly forbidden and not protected by the safe harbor clause. Always aim to prevent harm, review all relevant sections before starting and follow the rules of engagment. Arbonia is one of the world's leading interior brands for doors, showers, and dividing systems made from wood, glass and metal. The company, which is listed on the SIX Swiss Exchange, is active as a leading supplier in Western, Central, and Eastern Europe with its own distribution companies. Its main production sites are located in Switzerland, Germany, Poland, Spain, Czech Republic, Portugal, and France. A total of around 3'700 employees work for the Arbonia.

Altera is a leading global semiconductor company known for its innovation in programmable logic devices (PLDs), including field-programmable gate arrays (FPGAs), complex programmable logic devices (CPLDs), and related software tools.

Welcome to the Monzo public bug bounty program! 🚀 At Monzo we aim to create a banking service that makes our customers financial lives better and easier. Our mantra is “make money work for everyone” and we mean it! 👍 We have created several apps to provide intuitive, helpful, and enjoyable experiences across our range of products 💖. We won’t sacrifice security though! So if you find a security bug in one of our apps or services, this is the place to report it! Happy hunting!

Who is OVO? - We launched in 2009 with a belief that energy could be better. We’re helping UK homes on the Path to Zero. https://www.ovoenergy.com/about What do we do? - OVO is a leading energy technology company determined to create a world with clean, affordable energy for everyone. Relationship to bug bounty? - No technology is perfect and OVO believes that working with skilled security researchers across the globe is crucial in identifying weaknesses in any technology.

Zen by Aikido is an embedded security engine for autonomously protecting applications against common web attacks, like shell injection and SQL injection. We do so by hooking into sinks, validating them together with the incoming user input and in case the request is malicious, we block the request. It's similar to a traditional WAF, but with the full context of the called code and the user's input.

Aikido Security is an automated application security platform designed specifically for software engineering teams. We secure your entire stack - code, open-source dependencies, infrastructure, and more and integrate into your existing workflows to provide visibility and control across your entire application infrastructure.

SolarWinds was founded by IT professionals solving complex problems in the simplest way, and we have carried that spirit forward since 1999. Serv-U® offer simple, affordable, easy-to-use FTP software solution with enhanced security and control over file transfers in and outside your organization. With Serv-U Gateway, secure addition to Serv-U MFT and FTP server, you gain deeper protection for file transfers by allowing an incoming connection in DMZ.

Grafana Labs is the company behind Grafana, Loki, Mimir and Tempo, the leading open source software for visualizing operational data. We are thrilled to invite you to participate in our bug bounty program in partnership with Grafana Labs' security team. Before beginning your research, we kindly request that you carefully review this program's scope. This will ensure that your efforts align with our objectives and that you receive proper compensation for any findings that meet the program's criteria. Happy hacking!

Cloudways by DigitalOcean is a managed web hosting platform that specialises in providing an easy-to-manage environment for web applications.

DigitalOcean, LLC. is an American multinational technology company and cloud service provider. DigitalOcean simplifies cloud computing so developers and businesses can spend more time building software that changes the world.

House of HR is a leading HR services group active all over Europe. Our entrepreneurial spirit drives us to provide specialized solutions in two key segments: Specialized Talent Solutions and Engineering & Consulting. Our decentralized model empowers rapid decision-making across our Powerhouses. If you find a security bug in one of our apps, this is the place to report it! Happy hunting! 🏹

The BMW Group looks forward to working with the security community to find vulnerabilities in order to keep its products and customers safe and secure. We are committed to working with you to verify, reproduce, and respond to legitimate reported vulnerabilities covered by this policy. Within this program bounties can be received by reporting vulnerabilities that are in the scope of program and marked as “Eligible”. Please take note of the current scope outlined below.

With its four brands BMW, MINI, Rolls-Royce and BMW Motorrad, the BMW Group is the world’s leading premium manufacturer of automobiles and motorcycles and also provides premium financial services. Our vehicles and products are tailored to the needs of our customers and constantly enhanced. We place special emphasis on the security, integrity and availability of our data and systems and thus also on those of our customers, employees and partners.

Driessen is a staffing agency for government, education and other vital sectors. We have been working exclusively for vital sectors for 30 years, making us one of the largest staffing agencies in the Netherlands. On our platform users can manage their jobs and employees (for employers). For example: candidates can find jobs and apply; employees can see payslips and send in declarations; employers can open a new job with a new vacancy or a payroll request.

The 9altitudes Vulnerability Disclosure Program (VDP) program to review no-bounty assets. 9altitudes is a European player with the main office in Belgium providing digital transformation for our customers focused on 3 main industry clusters – manufacturing, services, and wholesale & distribution. As a Microsoft Gold partner, we are mostly Microsoft-oriented with some own-IP and are an ever-expending organization by way of merge & acquisition.

Axel Springer SE, headquartered in Berlin, is a leading digital publisher known for its wide range of news outlets, magazines, and classifieds. Embracing digital innovation and transformation, the company prioritizes data protection and system integrity. To bolster its digital ecosystem's security, Axel Springer runs a vulnerability disclosure bug bounty program, encouraging cybersecurity experts to find and report vulnerabilities in its digital environment.