Bug Bounty Programs

Altera is a leading global semiconductor company known for its innovation in programmable logic devices (PLDs), including field-programmable gate arrays (FPGAs), complex programmable logic devices (CPLDs), and related software tools.

Welcome to the Monzo public bug bounty program! 🚀 At Monzo we aim to create a banking service that makes our customers financial lives better and easier. Our mantra is “make money work for everyone” and we mean it! 👍 We have created several apps to provide intuitive, helpful, and enjoyable experiences across our range of products 💖. We won’t sacrifice security though! So if you find a security bug in one of our apps or services, this is the place to report it! Happy hunting!

Who is OVO? - We launched in 2009 with a belief that energy could be better. We’re helping UK homes on the Path to Zero. https://www.ovoenergy.com/about What do we do? - OVO is a leading energy technology company determined to create a world with clean, affordable energy for everyone. Relationship to bug bounty? - No technology is perfect and OVO believes that working with skilled security researchers across the globe is crucial in identifying weaknesses in any technology.

Zen by Aikido is an embedded security engine for autonomously protecting applications against common web attacks, like shell injection and SQL injection. We do so by hooking into sinks, validating them together with the incoming user input and in case the request is malicious, we block the request. It's similar to a traditional WAF, but with the full context of the called code and the user's input.

Aikido Security is an automated application security platform designed specifically for software engineering teams. We secure your entire stack - code, open-source dependencies, infrastructure, and more and integrate into your existing workflows to provide visibility and control across your entire application infrastructure.

SolarWinds was founded by IT professionals solving complex problems in the simplest way, and we have carried that spirit forward since 1999. Serv-U® offer simple, affordable, easy-to-use FTP software solution with enhanced security and control over file transfers in and outside your organization. With Serv-U Gateway, secure addition to Serv-U MFT and FTP server, you gain deeper protection for file transfers by allowing an incoming connection in DMZ.

Grafana Labs is the company behind Grafana, Loki, Mimir and Tempo, the leading open source software for visualizing operational data. We are thrilled to invite you to participate in our bug bounty program in partnership with Grafana Labs' security team. Before beginning your research, we kindly request that you carefully review this program's scope. This will ensure that your efforts align with our objectives and that you receive proper compensation for any findings that meet the program's criteria. Happy hacking!

Cloudways by DigitalOcean is a managed web hosting platform that specialises in providing an easy-to-manage environment for web applications.

DigitalOcean, LLC. is an American multinational technology company and cloud service provider. DigitalOcean simplifies cloud computing so developers and businesses can spend more time building software that changes the world.

House of HR is a leading HR services group active all over Europe. Our entrepreneurial spirit drives us to provide specialized solutions in two key segments: Specialized Talent Solutions and Engineering & Consulting. Our decentralized model empowers rapid decision-making across our Powerhouses. If you find a security bug in one of our apps, this is the place to report it! Happy hunting! 🏹

The BMW Group looks forward to working with the security community to find vulnerabilities in order to keep its products and customers safe and secure. We are committed to working with you to verify, reproduce, and respond to legitimate reported vulnerabilities covered by this policy. Within this program bounties can be received by reporting vulnerabilities that are in the scope of program and marked as “Eligible”. Please take note of the current scope outlined below.

With its four brands BMW, MINI, Rolls-Royce and BMW Motorrad, the BMW Group is the world’s leading premium manufacturer of automobiles and motorcycles and also provides premium financial services. Our vehicles and products are tailored to the needs of our customers and constantly enhanced. We place special emphasis on the security, integrity and availability of our data and systems and thus also on those of our customers, employees and partners.

Driessen is a staffing agency for government, education and other vital sectors. We have been working exclusively for vital sectors for 30 years, making us one of the largest staffing agencies in the Netherlands. On our platform users can manage their jobs and employees (for employers). For example: candidates can find jobs and apply; employees can see payslips and send in declarations; employers can open a new job with a new vacancy or a payroll request.

The 9altitudes Vulnerability Disclosure Program (VDP) program to review no-bounty assets. 9altitudes is a European player with the main office in Belgium providing digital transformation for our customers focused on 3 main industry clusters – manufacturing, services, and wholesale & distribution. As a Microsoft Gold partner, we are mostly Microsoft-oriented with some own-IP and are an ever-expending organization by way of merge & acquisition.

Axel Springer SE, headquartered in Berlin, is a leading digital publisher known for its wide range of news outlets, magazines, and classifieds. Embracing digital innovation and transformation, the company prioritizes data protection and system integrity. To bolster its digital ecosystem's security, Axel Springer runs a vulnerability disclosure bug bounty program, encouraging cybersecurity experts to find and report vulnerabilities in its digital environment.

Signicat is Europe's leading provider of digital identity solutions. Our mission is to enable trust in the digital world by providing secure, seamless, and compliant identity solutions. We empower businesses and individuals to verify, authenticate, and manage identities with confidence—ensuring trust at every step of the customer journey, from onboarding to offboarding.

This Bug Bounty program is an official and first program run by Škoda Auto a.s. It is focused on the newest version of MyŠkoda mobile application available for iOS and Android. We appreciate the possibility to work with you either remotely or by joining us at the factory and testing the app within our cars! In advance, we thank you for your time and invite you to step into the era of a proactive approach to cyber security together! Škoda Auto a.s.

Orbia is a purpose-led manufacturing group of companies, passionate about the challenges that define how people will live and thrive tomorrow to deliver strategic, collaborative, and human-centered solutions. As part of our commitment to security, we invite researchers to participate in the disclosure program, helping us ensure protection of our systems. Join us in identifying and reporting vulnerabilities to maintain the highest standards of security for our customers and partners.

Allegro sp. z o.o. (hereinafter referred to as “Allegro”) is a leading online marketplace platform in Poland offering a wide range of products across various categories. Allegro provides a secure, user-friendly interface for customers to shop and sellers to list their items. At Allegro we take security seriously and we believe that working with skilled security researchers is crucial in identifying weaknesses. If you have found a security issue in our service, we encourage you to notify us.

Welcome to the Responsible Vulnerability Disclosure Program of Citymesh. Citymesh is one of the Telecommunication Operators in Belgium. Citymesh helps its customers with the implementation, integration, and maintenance of network infrastructure. Citymesh wants to offer its customers quality connectivity solutions that help them achieve their business goals.

The Coca-Cola Company is proud of our researcher community and the impactful findings they have provided over the years. We are bringing our VDP program to Intigriti to further our community growth and provide some exciting changes around our VDP reward structure. For more information about VDP rewards, please see the FAQ section below.

This is an application which is accessed by bpost contractual customers like Amazon, zalando who can login and track the parcels history which was announced by them to bpost for handling. Only the specific logged in senders can view thier own parcel status, not cross sender accounts.

Kiwa is an autonomous global organization in Testing, Inspection and Certification (TIC), training and consultancy services. We create trust by contributing to the transparency of the quality, safety and sustainability of your organization’s products, services, processes, systems and employees, as well as personal and environmental performance. You have the ambition and we help you to go forward!

Democratizing America’s financial system. Invest in stocks, ETFs, options, and cryptocurrencies commission-free. Disclosure: https://robinhood.com/legal