FireEye Bug Bounty Program

  • $50 – $2,500 per vulnerability
  • Safe harbor

Program stats

  • Vulnerabilities rewarded 312
  • Validation within 25 days 75% of submissions are accepted or rejected within 25 days
  • Average payout $494.44 within the last 3 months

Latest hall of famers

Recently joined this program


Please note: This program does not allow disclosure. You may not release information about vulnerabilities found in this program to the public.

Bug Bounty Program

FireEye cares deeply about our products, services, business applications, and infrastructure security. As security researchers ourselves, FireEye understands the importance of investigating and responding to security issues. We also realize that despite our efforts to eradicate security vulnerabilities from our products and services, there will always be emerging threats, new vulnerabilities, and opportunities to improve. To that end, FireEye believes wholeheartedly in embracing the public research community when security issues are discovered and working with security researchers to fix the identified issue and remediate any related and/or underlying systemic issues to further improve our security posture.

In the interest of protecting our customers, we provide the public research community the opportunity to engage, report, and receive credit for their work. While engaging with us, we ask that reporters honor responsible disclosure principles and processes and give FireEye an opportunity to evaluate, respond, and if necessary, remediate any confirmed security vulnerabilities prior to public disclosure.

Please do NOT test 'contact us', 'support' forms, or 'report an incident' form as this creates extra work for people at FireEye. For clarity sake, the URLs FireEye requests you NOT to test are below, and are also stated in the 'Out of Scope' Target Section:


Please self sign up with your emails where possible.

Ratings and Rewards:

For the initial prioritization/rating of findings, this program will use the Bugcrowd Vulnerability Rating Taxonomy. However, it is important to note that in some cases a vulnerability priority will be modified due to its likelihood or impact. In any instance where an issue is downgraded, a full, detailed explanation will be provided to the researcher - along with the opportunity to appeal, and make a case for a higher priority.

Scope and rewards

Program rules

This program follows Bugcrowd’s standard disclosure terms.

For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please email We will address your issue as soon as possible.

This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.