Sophos
- $100 – $50,000 per vulnerability
Updates to the Sophos Program
There have been updates within the scope details as of May 03, 2023. This update brings about the following changes in the Research section of the bounty brief:
Researchers should use test accounts or test systems where possible, such that the security and privacy of real users is protected. At all times, make a good faith effort to avoid privacy violations as well as destruction, interruption or segregation of Sophos services. Do not modify or destroy data that does not belong to you.
Potentially destructive tests, including denial of service, require prior written consent by Sophos.
Reach out to security-alert@sophos.com, if a potentially destructive test on a production system is required to find, or confirm, a finding.
Denial of Service testing against Sophos Central is explicitly prohibited and will not be approved at this time.
As always, please be sure to review the program brief on a regular bases for future scope updates, in detail, and if you have any questions, please reach out support@bugcrowd.com.
Name | URL | Description | Change |
---|---|---|---|
Sophos | https://bugcrowd.com/sophos?preview=08c1c6062f785b3bcbac3fc9d70efbae | Research Section | Scope |
Happy Hunting!