• $200 – $20,000 per vulnerability

New Scope Added to Netflix Program

We hope your testing is going well. Here is an update that should make things a bit more interesting!

There have been some recent additions to the Netflix program. We highly recommend you take a look at this additional attack surface – which hopefully means more vulnerabilities! Here is what’s new:

Open Source Targets Overview

Scoping Guidelines

Netflix publishes many projects as open source, but only some projects are in scope. Vulnerabilities will be rewarded as primary or secondary targets as specified below:

● Consoleme
● Weep
● Zuul

● Atlas
● Conductor
● Dispatch
● Metaflow
● Spectator

All other Netflix open source projects are not in scope for reward at this time. Please familiarize yourself with the README and SECURITY files (if present) in each project before testing. They will contain more details about scope, security model, and a list of any excluded issues.

Reward Guidelines

Open source targets listed above will be paid out on the Primary or Secondary reward scales as specified above. Open source projects that are not explicitly listed above are not eligible for reward at this time. The priority for these vulnerabilities will be assigned based on impact to Netflix.

As always, please see the program brief for the full details around testing. If you have any questions, please reach out to

Get out there and lay claim to those bugs!