Cookie Settings
Operationally Necessary Cookies
Analytics Cookies
Advertising Cookies
The Bugcrowd Code of Conduct outlines the behaviors required of all Bugcrowd community members participating in crowdsourced security programs, Bugcrowd online community offerings such as the Bugcrowd Community Forum and IRC channel #bugcrowd, the Bugcrowd Researcher slack channel, Discord, Bug Bashes, as well as any other programs and events that may be offered by Bugcrowd.
This Code of Conduct applies to all interactions you have with Bugcrowd team members, customers, and researchers. The Bugcrowd community is intended for everyone, from all walks of life, and following this Code of Conduct will help ensure that we maintain a safe and welcoming place for all. Please take a moment to learn more about Who We Are and our standard requirements to understand the platform culture of all Bugcrowd participants.
Our top core values are simple. We don’t believe in unnecessarily complicating things.
Bugcrowd strives to create a safe, inclusive and positive environment for the mutual benefit of Researchers and Customers alike, allowing for collaborative engagement in the pursuit of a safer Internet.
The Platform Behavior Standards are in place to help Researchers better understand unacceptable issues and behaviors on our platform, and which measures are taken when we become aware of an incident.
These Enforcement Actions apply to persons entering our platform or engaging in communication with customers and Bugcrowd employees.
Please be aware; Bugcrowd retains the ability to adjust the severity of an enforcement measure depending on the gravity of the infraction. Additionally, depending on the nature of the infraction, Bugcrowd may impose further enforcement penalties such as extended ban durations, immediate program removal, and permanent removal from the Bugcrowd platform.
Other violations of this Code of Conduct, the Standard Disclosure Terms, the Terms of Service, or other applicable terms and customer program briefs can result in enforcement actions as well, including a warning and/or removal of access to elements of the Bugcrowd platform on a temporary or permanent basis depending on the severity of the violation. In some instances, an offender will be removed from Bugcrowd bounties or from the Bugcrowd community entirely.
All policy enforcement and eligibility decisions are made entirely at the discretion of Bugcrowd. Decisions are final and considered private matters between Bugcrowd’s team members and the individuals(s) involved. If you have any questions about a recent action taken on your account, please contact Bugcrowd Support for details.
Bugcrowd counts 1-mark and 2-mark incidents toward Total Marks for a rolling 12-month period. After 12 months, 1-mark and 2-mark incidents are considered expired and are only included in incident reviews if a pattern of behavior precedes this new incident. 4- and 5-mark incidents never expire and are considered active for the purpose of a new incident review. Additionally, program invitations may be revoked at the discretion of Customers and/or Bugcrowd based on the severity of the incident(s).
If a researcher is banned from the platform, they may request a Reinstatement Review after 1-full year. Bugcrowd will provide the Researcher with an update once the Reinstatement Review is completed. Depending on the severity of previous incidents, we may not accept a Researcher’s Reinstatement, and the ban may remain in place. Contact support@bugcrowd.com to request a Reinstatement Review.
If you observe a fellow Researcher violating our Code of Conduct and/or exhibiting malicious behaviors that are not conducive to building a safe and positive professional environment, please report it to the Bugcrowd Support Team at support@bugcrowd.com. We are grateful for your support in fortifying our community’s experience.
We have a Terms and Conditions document describing your (and our) behavior and rights related to content, privacy, and laws. To participate in Bugcrowd programs and offerings you must agree to abide by our Terms and Conditions and the Standard Disclosure Terms.