Dell Technologies' Products Bug Bounty Program
- $200 – $5,000 per vulnerability
Dell Technologies Product Bug Bounty Program
Dell Technologies ("Dell") recognizes the value of the security community to create a more secure world and welcomes the opportunity to collaborate with community members who share this common goal.
This Bug Bounty Program applies to security vulnerabilities identified within Dell-branded or currently supported products. Please carefully review the inclusions and exclusions detailed in the sections below.
Triage Process - Please Read First
In order for Dell to properly reproduce a security report, it is required to enter the Product Name and Version Number of the vulnerable device in the URL / Location of vulnerability field. Reports that do not have this information will be rejected.
Submissions with Blockers on them for longer than 5 business days will closed as Not Applicable.
Once a Product and Version are confirmed by Dell, a report will be moved to Triaged to validate the report and assign an Impact. In order to help expedite the Triage process, please ensure reports have:
- Bulleted, step-by-step reproduction instructions
- Attach any scripts used in the exploit
For the initial prioritization/rating of findings, this program will use the Bugcrowd Vulnerability Rating Taxonomy. However, it is important to note that in some cases a vulnerability priority will be modified due to its likelihood or impact. In any instance where an issue is downgraded, a full, detailed explanation will be provided to the researcher - along with the opportunity to appeal, and make a case for a higher priority.
Scope and rewards
This program follows Bugcrowd’s standard disclosure terms.
For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please email email@example.com. We will address your issue as soon as possible.
This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.