EPAM Systems Managed Bug Bounty Program

EPAM Systems leads the industry in digital and physical product development and digital platform engineering services. Please submit your findings to this Bug Bounty Program.

  • $50 – $600 per vulnerability
  • Safe harbor
Submit report

Program stats

  • Vulnerabilities rewarded 132
  • Validation within 3 days 75% of submissions are accepted or rejected within 3 days
  • Average payout $145.83 within the last 3 months

Latest hall of famers

View all 88

Recently joined this program

450 total

Disclosure

Please note: This program or engagement does not allow disclosure. You may not release information about vulnerabilities found in this program or engagement to the public.

Main Guidelines, read closely!

  • ethics.epam.com is out of the program's scope. Do not perform any testing for this target!
  • Every request must include the X-Bugcrowd header with Bugcrowd username, for e.g: Bugcrowd-<Username>
  • Must use the Bugcrowd email alias [username]@bugcrowdninja.com.
  • Automation against form submissions is not allowed and can lead to a ban from the program.
  • Do not degrade EPAM's user experience, disrupt production systems, or destroy data during security testing.
  • Please do not test requests for account removal at https://anywhere.epam.com/en/contact-us. We won't accept this as a valid submission
  • Read the program's scope carefully!

Violation of any point above will lead to an immediate program ban!

Prohibited Activity

Automated vulnerability scanners. We need your brainpower, not your processing power.

About EPAM

EPAM's global teams serve customers in more than 35 countries across North America, Europe, Asia, and Australia. As a recognized market leader in multiple categories among top global independent research agencies, EPAM was one of only four technology companies to appear on the Forbes 25 Fastest Growing Public Tech Companies list every year of publication since 2013 and has ranked as the top IT services company on Fortune's 100 Fastest-Growing Companies list in 2019 and 2020. We value collaboration, work in partnership with our customers, and strive for the highest standards of excellence. We're remotely supporting operations for hundreds of clients worldwide in today's market conditions.

No technology is perfect, and EPAM Systems believes that working with skilled security researchers across the globe is crucial in identifying weaknesses in any technology. We are excited for you to participate as a security researcher to help us identify vulnerabilities in our applications and infrastructure. Good luck, and happy hunting!

Ratings/Rewards:

For the initial prioritization/rating of findings, this program will use the Bugcrowd Vulnerability Rating Taxonomy. However, it is important to note that in some cases, a vulnerability priority will be modified due to its likelihood or impact. In any instance where an issue is downgraded, a full, detailed explanation will be provided to the researcher and the opportunity to appeal and make a case for a higher priority._

Scope and rewards

Program rules

This program follows Bugcrowd’s standard disclosure terms.

For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please submit through the Bugcrowd Support Portal. We will address your issue as soon as possible.

This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.