Bug Bounty Program
FireEye cares deeply about our products, services, business applications, and infrastructure security. As security researchers ourselves, FireEye understands the importance of investigating and responding to security issues. We also realize that despite our efforts to eradicate security vulnerabilities from our products and services, there will always be emerging threats, new vulnerabilities, and opportunities to improve. To that end, FireEye believes wholeheartedly in embracing the public research community when security issues are discovered and working with security researchers to fix the identified issue and remediate any related and/or underlying systemic issues to further improve our security posture.
In the interest of protecting our customers, we provide the public research community the opportunity to engage, report, and receive credit for their work. While engaging with us, we ask that reporters honor responsible disclosure principles and processes and give FireEye an opportunity to evaluate, respond, and if necessary, remediate any confirmed security vulnerabilities prior to public disclosure.
Please do NOT test the 'contact us', 'support', or 'report an incident' forms, as this creates extra work for people at FireEye. For clarity's sake, the URLs FireEye requests you NOT to test are below, and are also stated in the 'Out of Scope' Target Section:
Please self sign up with your @bugcrowdninja.com emails where possible.
Ratings and Rewards:
For the initial prioritization/rating of findings, this program will use the Bugcrowd Vulnerability Rating Taxonomy. However, it is important to note that in some cases a vulnerability's priority will be modified due to its likelihood or impact. In any instance where an issue is downgraded, a full, detailed explanation will be provided to the researcher, along with the opportunity to appeal and make a case for a higher priority.