• $100 – $9,500 per vulnerability
  • Up to $7,000 maximum reward
  • Safe harbor

New areas are now out of scope

Effective immediately, we have a couple of things out of scope:

  1. S3 bucket takeover from Twilio docs or Twilio public GitHub repos.
  2. Subdomain takeover for Sendgrid subdomains

Please re-review the bounty brief in detail and adjust your testing, and all scanners accordingly to make sure you are only testing and submitting in-scope bugs.

Any pending submissions submitted before the out of scope changes will be reviewed and processed accordingly.

If you have any questions on the change in the scope, please reach out to