Vulnerability Disclosure Program (VDP)
VDPs are meant for responsibly reporting vulnerabilities you encounter — not for actively hunting for fame or reputation. Even if you're just starting out, consider focusing on rewarded bug bounty programs instead.
sophos
15
In Scope
5
Out of Scope
In-Scope Assets (15)
| Asset | Category | Bounty | Quick Links | |
|---|---|---|---|---|
| 3rd party services hosted at *.sophos.com | URL | No | - | |
| Any Other Sophos Product or Service | OTHER | No | - | |
| SOPHOS/Secureworks : Redcloak | OTHER | No | - | |
| SOPHOS/Secureworks : Taegis | OTHER | No | - | |
| Sophos Firewall (XG/XGS, SFOS) - Pre-auth RCE | HARDWARE | No | - | |
| Sophos IT Infrastructure (all other Sophos domains) | OTHER | No | - | |
| https://central.sophos.com | URL | No | ||
| https://central.sophos.com/ | URL | No | ||
| https://docs.sophos.com/central/customer/help/en-us/ManageYourProducts/ThreatAnalysisCenter/Integrations/Sophos/NDR/index.html | HARDWARE | No | - | |
| https://www.sophos.com/ | OTHER | No | - | |
| https://www.sophos.com/en-us/products | HARDWARE | No | - | |
| https://www.sophos.com/en-us/products/endpoint-antivirus/free-trial | OTHER | No | - | |
| https://www.sophos.com/en-us/products/mobile-control/free-trial | ANDROID | No | - | |
| https://www.sophos.com/en-us/products/mobile-control/free-trial | IOS | No | - | |
| https://www.sophos.com/en-us/products/next-gen-firewall | HARDWARE | No | - |
Out-of-Scope Assets (5)
| Asset | Category | Bounty | |
|---|---|---|---|
| Any Cyberoam Product or Service | OTHER | No | |
| SPF/DKIM/DMARC issues | OTHER | No | |
| Sophos Firewall (Early Access Program (EAP) versions) | HARDWARE | No | |
| community.sophos.com | URL | No | |
| sophos.atlassian.net (Public service desk) | URL | No |