Gusto VDP

  • Safe harbor
  • No collaboration

We no longer offer point rewards for submissions on this program. Please refer to our blog post: How Bugcrowd sees VDPs and points for more details.

Program stats

  • Vulnerabilities accepted 5
  • Validation within 4 days 75% of submissions are accepted or rejected within 4 days

Latest hall of famers

Recently joined this program

Gusto’s mission is to create a world where work empowers a better life. By making the most complicated business tasks simple and personal, Gusto is reimagining payroll, benefits and HR for modern companies.

Security is one of the top priorities at Gusto. We put the same amount of care in protecting our customers' information as we would with our own information. For that end, we would like to invite you to our bug bounty program. We appreciate your efforts and hard work in making the internet (and Gusto) more secure and look forward to working with the researcher community to create a meaningful and successful bug bounty program. Good luck and happy hunting!

Ratings/Rewards:

For the initial prioritization/rating of findings, this program will use the Bugcrowd Vulnerability Rating Taxonomy. However, it is important to note that in some cases a vulnerability priority will be modified due to its likelihood or impact. In any instance where an issue is downgraded, a full, detailed explanation will be provided to the researcher - along with the opportunity to appeal, and make a case for a higher priority.

Scope

Program rules

This program follows Bugcrowd’s standard disclosure terms.

For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please submit through the Bugcrowd Support Portal. We will address your issue as soon as possible.