HubSpot

Marketing, Sales, and Service software platform for scaling companies

  • $50 – $1,500 per vulnerability
  • Partial safe harbor
  • Managed by Bugcrowd
Submit report

Program stats

800 vulnerabilities rewarded

Validation within 5 days
75% of submissions are accepted or rejected within 5 days

$307.44 average payout (last 3 months)

Latest hall of famers

View all 105

Recently joined this program

385 total

Disclosure

Please note: This program does not allow disclosure. You may not release information about vulnerabilities found in this program to the public.

Security researchers are increasingly interacting with software companies in order to find and fix the myriad of potential security issues that may arise in any sufficiently complex infrastructure. HubSpot takes those issues seriously, and appreciates the work of the white hat community in responsibly reporting any findings. We are running this bounty program in order to get a better understanding of our own security posture, and to give a deserved tip of the hat to the research community.

Scope and rewards

Program rules

This program follows Bugcrowd’s standard disclosure terms.

For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please email support@bugcrowd.com. We will address your issue as soon as possible.

This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.

    Additional Information:

  • This bounty requires explicit permission to disclose the results of a submission.
  • Customer portals will not be provided.
  • Researchers can create a free trial portal here: http://offers.hubspot.com/free-trial