ThousandEyes Bug Bounty

  • $200 – $4,500 per vulnerability
  • No collaboration

Program stats

  • Vulnerabilities rewarded 88
  • Validation within 4 days 75% of submissions are accepted or rejected within 4 days
  • Average payout $500 within the last 3 months

Latest hall of famers

Recently joined this program

The name ThousandEyes was born from two big ideas: the power to see things not ordinarily possible and the ability to collect insights from a multitude of vantage points. As organizations rely more on cloud services and the Internet, the network has become a black box they can't understand. ThousandEyes gives organizations visibility into the now borderless network, arming them with an accurate understanding of how the network impacts their applications, users, and customers.


This program adheres to the Bugcrowd Vulnerability Rating Taxonomy for the prioritization/rating of findings.

Guidelines:

  • Please note that this is a live, production environment.
  • Automated vulnerability scans are strictly prohibited (this includes any kind of brute-force enumeration).
  • Keep information about any vulnerabilities you have discovered confidential between yourself and ThousandEyes. Any disclosure without prior approval is grounds for removal from the program, and forfeiture of any reward.
  • You must ensure that service operation and integrity and confidentiality of customer data are not affected in any way as a result of your testing. Any form of Denial of Service testing is strictly prohibited. If you believe you have identified a vector by which DoS can be performed, please reach out to USSR@thousandeyes.com.
  • This is a Private Program, so you must not discuss program details including Program name, scope, Vulnerability details, bounty structure, account information, or any other detail to anyone who is not a Bugcrowd employee or member of this program. When collaborating with other Finders on the Program, be sure to do so in a secure manner, in accordance with disclosure requirements listed in Bugcrowd’s Code of Conduct.
  • Please ensure that the string “Bugcrowd-<BugcrowdUsername>” is appended to your user agent for all HTTP/HTTPS traffic before performing any testing. Example instructions on how to modify the user agent string for Chrome can be found here and for Burp Suite can be found here.

Scope and rewards

Program rules

This program follows Bugcrowd’s standard disclosure terms.

For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please submit through the Bugcrowd Support Portal. We will address your issue as soon as possible.

This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.