ThousandEyes Bug Bounty

The name ThousandEyes was born from two big ideas: the power to see things not ordinarily possible and the ability to collect insights from a multitude of vantage points. As organizations rely more on cloud services and the Internet, the network has become a black box they can't understand. ThousandEyes gives organizations visibility into the now borderless network, arming them with an accurate understanding of how the network impacts their applications, users, and customers.

---

This program adheres to the Bugcrowd Vulnerability Rating Taxonomy for the prioritization/rating of findings.

Guidelines:

• Please note that this is a live, production environment.
• Automated vulnerability scans are strictly prohibited (this includes any kind of brute-force enumeration).
• Keep information about any vulnerabilities you have discovered confidential between yourself and ThousandEyes. Any disclosure without prior approval is grounds for removal from the program, and forfeiture of any reward.
• You must ensure that service operation and integrity and confidentiality of customer data are not affected in any way as a result of your testing. Any form of Denial of Service testing is strictly prohibited. If you believe you have identified a vector by which DoS can be performed, please reach out to USSR@thousandeyes.com.
• This is a Private Program, so you must not discuss program details including Program name, scope, Vulnerability details, bounty structure, account information, or any other detail to anyone who is not a Bugcrowd employee or member of this program. When collaborating with other Finders on the Program, be sure to do so in a secure manner, in accordance with disclosure requirements listed in Bugcrowd’s Code of Conduct.
• Please ensure that the string “Bugcrowd-<BugcrowdUsername>” is appended to your user agent for all HTTP/HTTPS traffic before performing any testing. Example instructions on how to modify the user agent string for Chrome can be found here and for Burp Suite can be found here.