Gearset: Managed Bug Bounty

  • $200 – $6,000 per vulnerability
  • Safe harbor

Program stats

  • Vulnerabilities rewarded: 53
  • Validation within about 2 months: 75% of submissions are accepted or rejected within about 2 months
  • Average payout: $470 within the last 3 months

No technology is perfect and Gearset believes that working with skilled security researchers across the globe is crucial in identifying weaknesses in any technology. We are excited for you to participate as a security researcher to help us identify vulnerabilities in our web app. Good luck, and happy hunting!


For this program, we're inviting researchers to test our web application and API. Our primary goal is to ensure our customers' data is protected and our application is free from security vulnerabilities.

Release frequency

Gearset regularly releases new code. Our staging environments release changes multiple times per hour, so we encourage you to check back regularly. Major functionality will be mentioned in the announcement section, but you can also check the in-app changelog, as well as our blog.

Out of scope testing:

Testing is only authorized on the targets listed as In-Scope. Any domain or property of Gearset not listed in the targets section is out of scope. This includes any and all subdomains not listed. If you identify a security vulnerability on a target that is not in scope but that demonstrably belongs to Gearset, you may report it to this program, and the report is appreciated, but it will ultimately be marked as ‘not applicable’ and will not be eligible for monetary or points-based compensation.

Scope and rewards

Program rules

This program follows Bugcrowd’s standard disclosure terms.

For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please submit through the Bugcrowd Support Portal. We will address your issue as soon as possible.

This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.