Overstock's Vulnerability Disclosure Page!

  • Points per vulnerability
  • Partial safe harbor
  • Managed by Bugcrowd

Program stats

82 vulnerabilities rewarded

Validation within about 18 hours
75% of submissions are accepted or rejected within about 18 hours

Latest hall of famers

Recently joined this program


Please note: This program does not allow disclosure. You may not release information about vulnerabilities found in this program to the public.

Overstock.com encourages you to responsibly report any security issues you're able to identify on Overstock.com!


For the initial prioritization/rating of findings, this program will use the Bugcrowd Vulnerability Rating Taxonomy. However, it is important to note that in some cases a vulnerability priority will be modified due to its likelihood or impact. In any instance where an issue is downgraded, a full, detailed explanation will be provided to the researcher - along with the opportunity to appeal, and make a case for a higher priority.


This program only awards points for VRT based submissions.

Program rules

This program follows Bugcrowd’s standard disclosure terms.