Pornhub Managed Bug Bounty Program

  • $50 – $5,000 per vulnerability
  • Safe harbor

Program stats

  • Vulnerabilities rewarded: 7
  • Validation within 2 days: 75% of submissions are accepted or rejected within 2 days
  • Average payout: $524.50 within the last 3 months

Security is a top priority at Pornhub Entertainment Ltd (“Pornhub”). Pornhub loves to work with skilled security researchers to improve the security of Pornhub’s Services. If you (also referred to herein as the “Security Researcher”) believe you have found a vulnerability (“Vulnerability” or “Vulnerabilities”), as defined in the Standard Disclosure Terms on www.BugCrowd.com, in the services listed in Pornhub’s scope (as defined below), Pornhub will be happy to work with you to resolve the issue promptly and ensure you are rewarded for your discovery.

Important:

Contacting Pornhub’s support team directly to inquire about the status or examination of a BugCrowd submission (“Submission”) will result in an immediate disqualification from receiving Rewards. All communications must be conducted through the Crowdcontrol platform only.

This program deals with adult content that is NOT SAFE FOR MINORS. If you are under the age of 18 years old or the age of majority in your jurisdiction of primary residence, you are not authorized to participate in Pornhub’s Program. Please continue only if you are of legal age and are comfortable testing on sites with adult content.

Timelines

We strive to meet the following SLA in business days.

First Response: 48 Hours
Time to Triage: 5 days
Time to Reward: 10 days
Time to Resolution: depends on severity and complexity

Program Rewards

Pornhub may provide a reward to eligible Security Researchers of qualifying Vulnerabilities in accordance with this Program (each a "Reward").

*Reward amounts may vary depending upon the severity of the Vulnerability reported, at Pornhub’s sole discretion.*

For the initial prioritization/rating of findings, this program will be using the Common Vulnerability Scoring System (CVSS). However, it is important to note that in some cases a vulnerability priority will be modified due to its likelihood or impact. In any instance where an issue is downgraded, a full, detailed explanation will be given to the researcher.
The Reward table listed above is used to suggest payouts that result from the calculated CVSS score.
Please note that this framework is a guide only and is not intended to be an accurate representation or guarantee of the Reward a Security Researcher may receive for a given Vulnerability. Final determinations on the severity of a Vulnerability and the amount of each Reward shall be decided by Pornhub, in its sole discretion.

Pornhub will, at its sole discretion, decide if the minimum severity threshold is met for each reported Vulnerability. Pornhub shall use commercially reasonable efforts to inform Security Researcher if the Vulnerability was previously reported. Rewards are granted entirely at the discretion of Pornhub, in accordance with this Program.

Safe Harbor

Any activities conducted in a manner consistent with this Program will be considered authorized conduct and we will not initiate legal action against you. If legal action is initiated by a third party against you in connection with activities conducted under this Program, we will take steps to make it known that your actions were conducted in compliance with this Program.

Miscellaneous

You must be at least 18 years old or have reached the age of majority in your jurisdiction of primary residence and citizenship to participate in Pornhub’s Bugcrowd Program and be eligible to receive Rewards.

Payments are made through BugCrowd only. You are legally bound by the Bugcrowd Terms of Service, the Standard Disclosure Terms, the Public Disclosure Policy, the Platform Behavior Standards, the BugCrowd Code of Conduct for Security Researchers, as well as any other agreement found on https://www.BugCrowd.com/ that applies to Security Researchers (the "Agreements") and these, as well as this Program Brief, shall govern the legal relationship between you and Pornhub. All terms used but not defined herein shall have the meaning ascribed to them in the Agreements.

Current and previous employees of Pornhub, its affiliates, subsidiaries, agencies and divisions, partners, and their respective employees and Immediate Family members can responsibly disclose Vulnerabilities by participating in Pornhub’s BugCrowd Program but are not eligible for monetary Rewards. The term “Immediate Family” includes spouses, siblings, parents, children, grandparents, and grandchildren, whether as “in-laws,” or by current or past marriage(s), remarriage(s), adoption, co-habitation or other family extension, and any other persons residing at the same household whether or not related.

Pornhub reserves the right to modify the terms of this Program or terminate this Program at any time. By participating in this Program, you agree to be bound by these rules. You must comply with all applicable laws in connection with your participation in this Program.

Thank you for helping keep Pornhub safe!

Scope and rewards

Program rules

This program follows Bugcrowd’s standard disclosure terms.

For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please submit through the Bugcrowd Support Portal. We will address your issue as soon as possible.

This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.