Bug Bounty Programs

The 9altitudes Vulnerability Disclosure Program (VDP) program to review no-bounty assets. 9altitudes is a European player with the main office in Belgium providing digital transformation for our customers focused on 3 main industry clusters – manufacturing, services, and wholesale & distribution. As a Microsoft Gold partner, we are mostly Microsoft-oriented with some own-IP and are an ever-expending organization by way of merge & acquisition.

Axel Springer SE, headquartered in Berlin, is a leading digital publisher known for its wide range of news outlets, magazines, and classifieds. Embracing digital innovation and transformation, the company prioritizes data protection and system integrity. To bolster its digital ecosystem's security, Axel Springer runs a vulnerability disclosure bug bounty program, encouraging cybersecurity experts to find and report vulnerabilities in its digital environment.

Signicat is Europe's leading provider of digital identity solutions. Our mission is to enable trust in the digital world by providing secure, seamless, and compliant identity solutions. We empower businesses and individuals to verify, authenticate, and manage identities with confidence—ensuring trust at every step of the customer journey, from onboarding to offboarding.

This Bug Bounty program is an official and first program run by Škoda Auto a.s. It is focused on the newest version of MyŠkoda mobile application available for iOS and Android. We appreciate the possibility to work with you either remotely or by joining us at the factory and testing the app within our cars! In advance, we thank you for your time and invite you to step into the era of a proactive approach to cyber security together! Škoda Auto a.s.

Orbia is a purpose-led manufacturing group of companies, passionate about the challenges that define how people will live and thrive tomorrow to deliver strategic, collaborative, and human-centered solutions. As part of our commitment to security, we invite researchers to participate in the disclosure program, helping us ensure protection of our systems. Join us in identifying and reporting vulnerabilities to maintain the highest standards of security for our customers and partners.

Allegro sp. z o.o. (hereinafter referred to as “Allegro”) is a leading online marketplace platform in Poland offering a wide range of products across various categories. Allegro provides a secure, user-friendly interface for customers to shop and sellers to list their items. At Allegro we take security seriously and we believe that working with skilled security researchers is crucial in identifying weaknesses. If you have found a security issue in our service, we encourage you to notify us.

Welcome to the Responsible Vulnerability Disclosure Program of Citymesh. Citymesh is one of the Telecommunication Operators in Belgium. Citymesh helps its customers with the implementation, integration, and maintenance of network infrastructure. Citymesh wants to offer its customers quality connectivity solutions that help them achieve their business goals.

The Coca-Cola Company is proud of our researcher community and the impactful findings they have provided over the years. We are bringing our VDP program to Intigriti to further our community growth and provide some exciting changes around our VDP reward structure. For more information about VDP rewards, please see the FAQ section below.

This is an application which is accessed by bpost contractual customers like Amazon, zalando who can login and track the parcels history which was announced by them to bpost for handling. Only the specific logged in senders can view thier own parcel status, not cross sender accounts.

Kiwa is an autonomous global organization in Testing, Inspection and Certification (TIC), training and consultancy services. We create trust by contributing to the transparency of the quality, safety and sustainability of your organization’s products, services, processes, systems and employees, as well as personal and environmental performance. You have the ambition and we help you to go forward!

One submission and 51,337 reasons to get to it. Cybersecurity is part of our nature and we understand that only by challenging our ways, we get to improve. The Capture Our Flag program is a targeted challenge that leverages Intigriti's core assets: submissions. This ensures our core product is secure at all times, and is a testament to the trust we build with our researchers and to our customers.

Dstny (https://www.dstny.com/) is a leading European innovator in secure cloud communications, driven by our robust UCaaS solutions and cutting-edge technology. We empower service providers, partners, end-users, and third-party services to thrive within our dynamic ecosystem. Participating in a bug bounty program provides a unique opportunity to enhance our cybersecurity by collaborating with a global community of skilled ethical hackers. With over 15000 domain names and IP addresses in our program, we offer a broad and dynamic scope to ensure comprehensive security testing. This proactive approach reinforces our commitment to delivering secure, reliable communication solutions.

At Veriff we are passionate about creating a safer environment online. Our mission is to bring transparency to the digital world. We take the security of our systems seriously, and we value the security community. The disclosure of security vulnerabilities helps us ensure the security and privacy of our users. We ask all researchers to follow the guidelines provided.

Freepik’s mission is to push the boundaries of artificial intelligence to empower creativity worldwide. We are developing cutting-edge AI projects that reimagine how people create, design, and interact with visual content, making creativity more accessible, faster, and smarter. While innovation is at the core of what we do, we also recognize the importance of building securely. We value the work of the security research community in making the internet a safer place. Although our dedicated team applies the best security practices to prevent potential vulnerabilities, we want to open the door for the community to contribute to this effort.

Rivian exists to create products and services that help our planet transition to carbon neutral energy and transportation. Rivian designs, develops, and manufactures category-defining electric vehicles and accessories and sells them directly to customers in the consumer and commercial markets. Rivian complements its vehicles with a full suite of proprietary, value-added services that address the entire lifecycle of the vehicle and deepen its customer relationships.

Every day, billions of people come into contact with Bühler technologies to meet their basic needs for food, mobility, and more. Our technologies are in your smartphone, solar panels, diapers, lipstick, banknotes, the food you eat, and the vehicles you drive. We strive to innovate for a better world, with a special focus on healthy, safe, and sustainable solutions. Learn more about Bühler at www.buhlergroup.com.

Hello dear Researcher, let us introduce ourselves! Vinted's mission is to make second-hand the first choice worldwide by establishing a sustainable circular model and taking it global. We are an online marketplace through which users are able to sell or purchase certain items with other users. We're committed to protecting our brand and our Members, hence we invite security researchers to help protect our platform and its users proactively.

Advanced Micro Devices, Inc., commonly abbreviated as AMD, is an American multinational semiconductor company based in Santa Clara, California, that develops computer processors and related technologies for business and consumer markets.

Posti is one of the leading delivery and fulfillment companies in Finland, Sweden and the Baltic countries, that offers a wide range of postal, logistics, freight and eCommerce services. Further information: https://www.posti.com/en/corporate/posti-business/our-services

Webnode is an amazingly simple website builder. Launched in 2008, it has already helped over 50 million users create their own websites. Webnode has recently been acquired by the number one hosting company in Europe and therefore the product will be used and implemented throughout different brands in Europe.

DHL Group is a global logistics company providing services in express delivery, freight transportation, supply chain management, e-commerce solutions, as well as postal and parcel services. As part of our commitment to security, we invite researchers to participate in our vulnerability disclosure program, helping us ensure protection of our systems. Join us in identifying and reporting potential vulnerabilities to maintain the highest standards of security for our customers and partners.

Revolut is a financial technology company that offers banking services. It offers accounts featuring currency exchange, debit cards, virtual cards, interest-bearing "vaults", commission-free stock trading, crypto, commodities, and other services to over 60M customers. Please visit our website for more information: www.revolut.com

Responsible Disclosure indicates ING’s continued commitment to improve its security posture. As part of this process, we work closely with security researchers to identify and report vulnerabilities they find within our systems. ING appreciates security researchers efforts in reporting vulnerabilities on its systems as long as the discovered vulnerability is in scope, detected without the use of intrusive testing techniques, and follows the disclosure guidelines below:

VULNERABILITY DISCLOSURE PROGRAM (VDP) Above all else, University Hospital Zurich is committed to the care and improvement of human life. Part of that mission is to protect our patients, people, systems, and facilities. We want encourage security researchers to feel comfortable reporting vulnerabilities they’ve discovered to us in good faith.