Bug Bounty Programs

Want to try a new technique or methodology on private bug bounty programs? Submit your research, get invited to private programs, and start collecting bounties.

Red Bull appreciates the work of security researchers to make the internet a better - and more secure - place. Even though we aim to prevent security issues by applying state-of-the art development and operations processes, systems and technical services outside our direct control might have vulnerabilities and weaknesses and we aim to identify and address those before any negative impact occurs. As appreciation we have a unique reward system in place, please see FAQ for more information.

DigitalOcean, LLC. is an American multinational technology company and cloud service provider. DigitalOcean simplifies cloud computing so developers and businesses can spend more time building software that changes the world.

EURid vzw is the registry operator of the .eu, .ею (Cyrillic script) and .ευ (Greek script) country code top-level domains (ccTLD) upon the appointment of the European Commission since 2003. As the registry operator, our biggest concern and priority is the stability and security of the .eu namespace. We also develop and maintain YADIFA since 2012, a lightweight authoritative Name Server with DNSSEC capabilities.

The 9altitudes Vulnerability Disclosure Program (VDP) program to review no-bounty assets. 9altitudes is a European player with the main office in Belgium providing digital transformation for our customers focused on 3 main industry clusters – manufacturing, services, and wholesale & distribution. As a Microsoft Gold partner, we are mostly Microsoft-oriented with some own-IP and are an ever-expending organization by way of merge & acquisition.

The national project “eHealth Hubs & MetaHub” coordinated by the eHealth platform is meant to make medical results from hospitals (and in the near future medical laboratories) available to any caregiver who currently is treating the patient . For detailed information see https://www.ehealth.fgov.be/nl/zorgverleners/online-diensten/hubs-metahub and the URL in the next paragraph. This system supplements the traditional system of addressed ‘email type’ communication to individual referrers. Before medical data about a patient can be shared, that patient has to grant the ‘eHealth informed consent’ (see http://www.patientconsent.be ). Further, care providers declare a therapeutic relationship with the patient. Communication between the hubs and between external physicians and a hub is according to the KMEHR standard: https://www.ehealth.fgov.be/standards/kmehr/content/page/web-services The scope of this project is confined to the hub exploited by VZNKUL (Vlaams Ziekenhuis Netwerk KU Leuven) implementation of this hub system. The central metahub hub from the Belgian government, the other hubs, and the systems at other partners of this project are out of scope.

House of HR is a leading HR services group active all over Europe. Our entrepreneurial spirit drives us to provide specialized solutions in two key segments: Specialized Talent Solutions and Engineering & Consulting. Our decentralized model empowers rapid decision-making across our Powerhouses. If you find a security bug in one of our apps, this is the place to report it! Happy hunting! 🏹

Axel Springer SE, headquartered in Berlin, is a leading digital publisher known for its wide range of news outlets, magazines, and classifieds. Embracing digital innovation and transformation, the company prioritizes data protection and system integrity. To bolster its digital ecosystem's security, Axel Springer runs a vulnerability disclosure bug bounty program, encouraging cybersecurity experts to find and report vulnerabilities in its digital environment.

Yacht is number one in connecting professionals.

BMC is number one in connecting professionals

Randstad is the global leader in the HR services industry. By combining our passion for people with the power of today’s intelligent machines, we support people and organizations in realizing their true potential.

With more than 6,900 employees worldwide, SIXT combines global car rental and local share solutions, ride hailing-services as well as car subscriptions in one of the world’s largest mobility platforms. With just one app – the SIXT App – we offer our customers digital access to more than 200,000 vehicles and around 1.5 million connected drivers in approximately 110 countries worldwide. Besides its own range of vehicles, SIXT also integrates services from more than 1,500 mobility partners.

Cloudways by DigitalOcean is a managed web hosting platform that specialises in providing an easy-to-manage environment for web applications.

At KU Leuven, we are committed to ensuring the integrity of our Housing Application Program. This program allows both new and returning students to apply for a room in KU Leuven Central Services Residences, helping them find the right accommodation. As with all our platforms, we recognize that vulnerabilities can exist, and we encourage researchers to report any security issues they may discover within this application. If you identify a vulnerability while using the application, please follow our disclosure guidelines to report it safely and responsibly. Your contributions help us maintain a secure and seamless experience for all students!

VULNERABILITY DISCLOSURE PROGRAM (VDP) Above all else, University Hospital Zurich is committed to the care and improvement of human life. Part of that mission is to protect our patients, people, systems, and facilities. We want encourage security researchers to feel comfortable reporting vulnerabilities they’ve discovered to us in good faith.

PeopleCert is the global leader in the assessment and certification of professional and language skills, partnering with multi-national organisations and government bodies to develop and deliver market leading exams worldwide. This policy is intended to give security researchers clear guidelines for conducting vulnerability discovery activities.

Revolut is a financial technology company that offers banking services. It offers accounts featuring currency exchange, debit cards, virtual cards, interest-bearing "vaults", commission-free stock trading, crypto, commodities, and other services to over 55M customers. Please visit our website for more information: www.revolut.com

VTM GO offers a lot of strong Flemish and exclusive international series & films for free. From news and news to the most powerful fiction and reality shows.

Welcome to the Responsible Vulnerability Disclosure Program of Citymesh. Citymesh is one of the Telecommunication Operators in Belgium. Citymesh helps its customers with the implementation, integration, and maintenance of network infrastructure. Citymesh wants to offer its customers quality connectivity solutions that help them achieve their business goals.

Since 2010, Speakap has helped more than 400 companies across 120 countries, 42 languages, and many time zones, reach their full potential with more productive employees. With an award-winning, easy-to-use employee app, Speakap empowers company leaders to share the right content with the right people at the right time. Speakap boasts very high adoption rates with users logging in almost 6x a day for 50+ seconds per time.

De Morgen has a broad view of the news with attention to political current affairs, culture and media. The editors are critical, dig deeper and often make the news of the day under the motto more insight, more salmon. De Morgen is aiming for an open-minded audience that is looking for qualitative news coverage, background and interpretation of the news. The newspaper looks young and fresh and has won international prizes with its design.

Tempo-Team offers daily new and varied jobs for every level and field.

DPG Media is a leading media group in Flanders, Netherlands and Denmark that knows how to touch viewers, surfers, readers and listeners with impressive stories, lightning fast news and sparkling entertainment.

The BMW Group looks forward to working with the security community to find vulnerabilities in order to keep its products and customers safe and secure. We are committed to working with you to verify, reproduce, and respond to legitimate reported vulnerabilities covered by this policy. Within this program bounties can be received by reporting vulnerabilities that are in the scope of program and marked as “Eligible”. Please take note of the current scope outlined below.