<img height="1" width="1" style="display:none;" alt="" src="https://dc.ads.linkedin.com/collect/?pid=380018&amp;fmt=gif">

Bug Bounty Program

As part of our commitment to security at Avantra, we reward researchers who share the details of critical issues with us. We make it a priority to resolve confirmed issues as quickly as possible in order to best protect our customers.

Eligibility

Reported issues must adhere to the following criteria:

  • Be completely disclosed to the Avantra team including steps to reproduce
  • Our team must be able to reproduce the disclosure in our lab using a standard configuration
  • The reported issue must be new (not already disclosed to Avantra)
  • The researcher must keep the details of the issue confidential until we have had a chance to reproduce, analyse and issue a fix to our customers*

These eligibility rules are meant to protect our customers until an update is available, ensuring Avantra can verify reports, create necessary updates and correctly reward those doing original research.

Bounty categories and payments

Please use the form on this page to get in touch to discuss your area of research. The payment amounts are determined by the level of access or execution achieved by the research. The exact payment amounts are determined after review by Avantra.

* We typically try to adhere to the industry standard of a 90-day non-disclosure period to allow for sufficient time to rectify the issue.

Bug Bounty Information