Sophos

We would like to update you on our program policy.

Reports about leaked credentials, included but not limited to user names, passwords, cookies, tokens, etc., are not eligible for reward unless steps are provided on how they can be acquired from a system under direct Sophos control.

As always, please be sure to review the program brief in detail. If you have any questions, please visit Bugcrowd Support and create a support ticket.

Happy Hunting!