Vulnerability Disclosure Program (VDP)

VDPs are meant for responsibly reporting vulnerabilities you encounter — not for actively hunting for fame or reputation. Even if you're just starting out, consider focusing on rewarded bug bounty programs instead.

sophos

BugcrowdView on Bugcrowd
RawAI Enhanced
15
In Scope
5
Out of Scope

In-Scope Assets (15)

AssetCategoryBountyQuick Links
3rd party services hosted at *.sophos.comURLNo-
Any Other Sophos Product or ServiceOTHERNo-
SOPHOS/Secureworks : RedcloakOTHERNo-
SOPHOS/Secureworks : TaegisOTHERNo-
Sophos Firewall (XG/XGS, SFOS) - Pre-auth RCEHARDWARENo-
Sophos IT Infrastructure (all other Sophos domains)OTHERNo-
https://central.sophos.comURLNo
https://central.sophos.com/URLNo
https://docs.sophos.com/central/customer/help/en-us/ManageYourProducts/ThreatAnalysisCenter/Integrations/Sophos/NDR/index.htmlHARDWARENo-
https://www.sophos.com/OTHERNo-
https://www.sophos.com/en-us/productsHARDWARENo-
https://www.sophos.com/en-us/products/endpoint-antivirus/free-trialOTHERNo-
https://www.sophos.com/en-us/products/mobile-control/free-trialANDROIDNo-
https://www.sophos.com/en-us/products/mobile-control/free-trialIOSNo-
https://www.sophos.com/en-us/products/next-gen-firewallHARDWARENo-
Out-of-Scope Assets (5)
AssetCategoryBounty
Any Cyberoam Product or ServiceOTHERNo
SPF/DKIM/DMARC issuesOTHERNo
Sophos Firewall (Early Access Program (EAP) versions)HARDWARENo
community.sophos.comURLNo
sophos.atlassian.net (Public service desk)URLNo