Lenovo Responsible Disclosure

As a global personal technology company, Lenovo develops, manufactures, and markets reliable, high-quality, secure and easy-to-use technology products and services.

  • Partial safe harbor
  • No collaboration
Submit report

We no longer offer point rewards for submissions on this program. Please refer to our blog post: How Bugcrowd sees VDPs and points for more details.

Program stats

  • Vulnerabilities accepted 1357
  • Validation within 3 days 75% of submissions are accepted or rejected within 3 days

Latest hall of famers

View all 228

Recently joined this program

337 total

Disclosure

Please note: This program or engagement does not allow disclosure. You may not release information about vulnerabilities found in this program or engagement to the public.

We appreciate all security concerns brought forth and are constantly striving to keep on top of the latest threats. Being pro-active rather than re-active to emerging security issues is a fundamental belief at Lenovo.

Every day new security issues and attack vectors are created. Lenovo strives to keep abreast on the latest state-of-the-art security developments by working with security researchers and companies. We appreciate the community's efforts in creating a more secure world.

Ratings:

Lenovo will rely on the Bugcrowd Vulnerability Rating Taxonomy for prioritization of findings, but reserve the right to either downgrade or upgrade findings’ severity based on the criticality of their underlying risk to Lenovo. Any downgraded submission with come with a detailed explanation.

Please be aware this is a kudos-only program; no monetary rewards will be disbursed for this program.

Scope

Program rules

This program follows Bugcrowd’s standard disclosure terms.

For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please submit through the Bugcrowd Support Portal. We will address your issue as soon as possible.

Learn more about Bugcrowd’s VRT.