Stellantis

  • $150 – $7,500 per vulnerability
  • Safe harbor

Discontinue use of scanners + DNS Record findings now Out of Scope

We have been asked by Stellantis to discontinue the use of all automated vulnerability scanners on their program. Custom scripts and fuzzing tools are still permitted, but if using them, please keep your traffic to six requests per second or less.
Additionally, it’s worth noting that the client already runs automated scans from Acunetix, ZAP, Nessus, et al., against the in-scope targets – so using these tools is likely of minimal utility to researchers. As such, please avoid using them except for targeted, specific testing, and then only at less than six requests per second.
If disruptive testing continues, there may be a risk of removal from the Stellantis program.

Additionally, please note that DNS-record-related findings are now out of scope (and not eligible for rewards).

Thanks!

If you have any questions, please reach out to support@bugcrowd.com for any clarification on why scanners are no longer allowed.