20 Minuten

  • $150 – $2,500 per vulnerability
  • Partial safe harbor
  • Managed by Bugcrowd

Program stats

39 vulnerabilities rewarded

Validation within about 13 hours
75% of submissions are accepted or rejected within about 13 hours

$287.50 average payout (last 3 months)

Latest hall of famers

Recently joined this program

Launched in 1999, 20 Minuten is the number one daily commuter newspaper for Switzerland. It provokes discussion with its news on politics, business, sport, entertainment and services. 20 Minuten is part of the 20 Minuten media network, which encompasses the commuter papers 20 Minuten, 20 minutes and 20 minuti, the news portals 20minuten.ch, 20minutes.ch and 20minuti.ch/tio.ch as well as the people, fashion and lifestyle magazine 20 Minuten Friday and the Friday Blog. Our digital platform reaches about 60% of all Swiss citizens.

Security is a top priority for us and that is why we are running a public Bug Bounty program for our 20 Minuten website (https://www.20min.ch). We want to ensure our newspaper can stand up to the best hackers in the world from day 0!
This websites is always in development and subject to continuous updates and new features.
Other 20 Minuten websites, including legacy sites are not part of this program so please focus your efforts on www.20min.ch. Checkout the Target Groups for more information and Good Luck!

Ratings/Rewards:

For the initial prioritization/rating of findings, this program will use the Bugcrowd Vulnerability Rating Taxonomy. However, it is important to note that in some cases a vulnerability priority will be modified due to its likelihood or impact. In any instance where an issue is downgraded, a full, detailed explanation will be provided to the researcher - along with the opportunity to appeal, and make a case for a higher priority.

Scope and rewards

Program rules

This program follows Bugcrowd’s standard disclosure terms.

For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please email support@bugcrowd.com. We will address your issue as soon as possible.

This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.