Dell Technologies Product Bug Bounty Program

Dell Technologies ("Dell") recognizes the value of the security community to create a more secure world and welcomes the opportunity to collaborate with community members who share this common goal.

This Bug Bounty Program applies to security vulnerabilities identified within Dell-branded or currently supported products. Please carefully review the inclusions and exclusions detailed in the sections below.

Triage Process - Please Read First

In order for Dell to properly reproduce a security report, it is required to enter the Product Name and Version Number of the vulnerable device in the URL / Location of vulnerability field. Reports that do not have this information will be rejected.

Submissions with Blockers on them for longer than 5 business days will closed as Not Applicable.

Once a Product and Version are confirmed by Dell, a report will be moved to Triaged to validate the report and assign an Impact. In order to help expedite the Triage process, please ensure reports have:

1. Bulleted, step-by-step reproduction instructions
2. Attach any scripts used in the exploit

Ratings/Rewards:

For the initial prioritization/rating of findings, this program will use the Bugcrowd Vulnerability Rating Taxonomy. However, it is important to note that in some cases a vulnerability priority will be modified due to its likelihood or impact. In any instance where an issue is downgraded, a full, detailed explanation will be provided to the researcher - along with the opportunity to appeal, and make a case for a higher priority.