Bitdefender is a global leader in cybersecurity, protecting over 500 million systems for more than 18 years in more than 150 countries. Powered by its depth of security expertise and rapid pace of research and development, Bitdefender’s long-standing mission is to deliver transformative security technologies to the world’s users and organizations.
About the Program:
Bitdefender’s public bug bounty program is focused on identifying vulnerabilities and any assets (infrastructure or products) bearing the Bitdefender brand. Currently the program wants to put a particular spotlight on a new billing and subscription platform and as such, is running a promotion offering substantially increased rewards for any P1 and P2 vulnerabilities found there.
What’s In It For You:
They are currently running a reward event where they have increased their P1 and P2 rewards by 50% for any findings in the new billing and subscription service. The specific targets that are a part of this reward event include:
- Checkout service: https://checkout-service.bitdefender.com
- Checkout sdk: https://checkout-sdk.bitdefender.com
- Central Integration: https://central.bitdefender.com/subscriptions/services
The reward ranges for bugs found on these targets are:
|Technical Severity||Low Reward||High Reward|
Assets in scope of the main Bitdefender program include:
- Bitdefender Total Security 2020
- Bitdefender GravityZone Business Security
- Bitdefender Antimalware Engines
This is an attractive program for anyone with skills as a web focused pentester.
What Can You Expect From This Program:
When working with the Bitdefender team, you can expect them to:
- Extend Safe Harbor for your vulnerability research
- Work with you to understand and validate your report, including a timely initial response to the submission
- Work to remediate discovered vulnerabilities in a timely manner
- Recognize your contribution to improving their security
Interested in learning more?
Portswigger’s Web Security Academy: https://portswigger.net/web-security
Cyber Mentor’s video course on Web Application Hacking: https://www.youtube.com/watch?v=24fHLWXGS-M
OWASP’s Mobile Security Guide: https://owasp.org/www-project-mobile-security-testing-guide/