FIS

Hi all,

We're very happy to announce that as of now, all assets that all FIS owned assets are now in scope!

Please keep in mind -
FIS provides a wide range of financial products and services, this includes web development, application hosting and DNS services. As of which, there will be a number of sites where FIS only owns a section of them. There will also be situations where we host the site, own the domain but are not contractually responsible for the security on that site. We strive to be as transparent as possible with our bug bounty community; if a report comes in that meets this criteria, we will work with the researcher to determine the best path forward, which may include engaging the customer/client.

There have also been changes to scope page, please familiarise yourself with the changes, program rules and the out of scope vulnerabilities. We have added a new scope section regarding our current bonuses (which is still $100k for full auth bypass on 2 FIS sites, please see the announcement regarding this).

Also please pay attention to the out of scope list. We have now added any site owned by SUNGARDAS as we've had a number of reports through recently regarding this company, which FIS do not own.

All the best and happy hunting!

Nick and the FIS team