FIS

Hi all,

Hope you're all keeping well and healthy!

We've decided to change our 0-day policy on reports from today onwards. Our old policy stated that any report submitted within the first 30 days of disclosure would be out of scope as it gives us time to patch/mitigate.

We've now decided to lower that down to 14 days and reward 10% for the first 14 days (from vendor patch release), and full reward after -

• Recently disclosed zero-day vulnerabilities. Please see announcement regarding this, we will reward 10% of the payout within the first 14 days from the Vendor releasing a patch, or full amount after 14 days.

If you have any questions, please reach out to support@bugcrowd.com.

All the best,

Nick and the FIS team