Kohl's
- $100 – $4,500 per vulnerability
Kohl's is taking the next step in securing our applications. We invite researchers through Bugcrowd's bug bounty program to test our site and let us know how we're doing. Kohl's knows that securing our applications and networks requires collaboration with the security community and will reward those researchers who find in scope vulnerabilities by following our Bug Bounty program and scope.
Please read this brief and its stated conditions COMPLETELY before doing any penetration testing. Failure to comply may result in not being able to collect a reward.
Rewards/Ratings:
- This program adheres to the Bugcrowd Vulnerability Rating Taxonomy for the prioritization/rating of findings.
- Note that all reflected XSS submissions are eligible for kudos only (as of May 22nd, 2018).
- LLE or staging environments are generally"kudos only," unless there is significant risk, However, infrastructure related issues will be paid as per the severity. All the findings will be reviewed case-by-case and rewarded accordingly.
- Multiple vulnerabilities with same root cause will be grouped and awarded one bounty.
Scope and rewards
Program rules
This program follows Bugcrowd’s standard disclosure terms.
For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please submit through the Bugcrowd Support Portal. We will address your issue as soon as possible.
This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.