• $125 – $4,500 per vulnerability
  • Up to $5,000 maximum reward
  • Safe harbor

Program stats

  • Vulnerabilities rewarded 79
  • Validation within 3 days 75% of submissions are accepted or rejected within 3 days

Latest hall of famers

Recently joined this program

1927 total


Please note: This program does not allow disclosure. You may not release information about vulnerabilities found in this program to the public.

Healthcare integration between critical and innovative software applications hurt healthcare experiences in the United States every day. Estimates are that there is over $750 billion wasted in healthcare each year. Redox aims to become one of the most trusted brands in healthcare. With your help, we will surpass HIPAA industry regulation guidelines and cater to all patients supremely.

The Redox platform provides a highly-scalable solution that eliminates technical barriers. From getting HL7 data over VPNs to a multitude of EHR(electronic health record) vendor APIs and even XML over SFTP, we need to do it all and do it securely.


New updates can be found here:

Our Maximum Reward

Redox is offering a maximum reward (shown above) which is higher than our standard P1 reward for any Extraordinary Submissions. This means more than simply qualifying for a P1 under the VRT (which this bug should in terms of impact). It means the researcher has spent the time and effort to understand our platform and identified a flaw unique to our platform that most others would not find without such investment. Additionally, we'd expect the submission write up to reflect an understanding of the platform and can describe the vulnerability and its impact and how to resolve it clearly and concisely.

We will make an effort to respond as fast as possible to all submissions.

Scope and rewards

Program rules

This program follows Bugcrowd’s standard disclosure terms.

For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please email We will address your issue as soon as possible.

This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.