Vulnerability Disclosure Program (VDP)
VDPs are meant for responsibly reporting vulnerabilities you encounter — not for actively hunting for fame or reputation. Even if you're just starting out, consider focusing on rewarded bug bounty programs instead.
ibotta
13
In Scope
7
Out of Scope
In-Scope Assets (13)
| Asset | Category | Bounty | Quick Links | |
|---|---|---|---|---|
| Ibotta App Data & Memory | OTHER | No | - | |
| http://ibotta.com | URL | No | ||
| http://itunes.apple.com/us/app/ibotta/id559887125 | IOS | No | - | |
| http://market.android.com/details?id=com.ibotta.android | ANDROID | No | - | |
| https://api.ibops.net | URL | No | ||
| https://api.ibops.net/ad-management | URL | No | ||
| https://api.ibotta.com | URL | No | ||
| https://api.int.ibops.net | URL | No | ||
| https://api.int.ibops.net/customer-loyalty-service | URL | No | ||
| https://app.ibotta.com/sign-in | URL | No | ||
| https://backend.ibotta.com/ | URL | No | ||
| https://chrome.google.com/webstore/detail/ibotta-browser-extension/mfaedmjlefifhnhpgipjjiiekchaimpk?hl=en-US | OTHER | No | - | |
| https://content-server.ibotta.com/graphql | URL | No |
Out-of-Scope Assets (7)
| Asset | Category | Bounty | |
|---|---|---|---|
| *dev.ibotta.com | URL | No | |
| http://sampling.ibotta.com/ | URL | No | |
| https://backend.ibotta.com/duplicate_receipt_moderation | URL | No | |
| https://investors.ibotta.com/ | URL | No | |
| https://ir.ibotta.com | URL | No | |
| https://trust.ibotta.com | URL | No | |
| legal.ibotta.com | URL | No |