Vulnerability Disclosure Program (VDP)
VDPs are meant for responsibly reporting vulnerabilities you encounter — not for actively hunting for fame or reputation. Even if you're just starting out, consider focusing on rewarded bug bounty programs instead.
wise
8
In Scope
20
Out of Scope
In-Scope Assets (8)
| Asset | Category | Bounty | Quick Links | |
|---|---|---|---|---|
| *.transferwise.com | URL | No | ||
| *.wise.com | URL | No | ||
| AWS infrastructure and services in use by Wise (eg: S3 buckets) | OTHER | No | - | |
| https://apps.apple.com/us/app/wise-ex-transferwise/id612261027 | IOS | No | - | |
| https://github.com/transferwise/* | OTHER | No | - | |
| https://play.google.com/store/apps/details?id=com.transferwise.android&hl=en_US&gl=US | ANDROID | No | ||
| https://transferwise.com | URL | No | ||
| https://wise.com | URL | No |
Out-of-Scope Assets (20)
| Asset | Category | Bounty | |
|---|---|---|---|
| *.transferwise.tech | URL | No | |
| *.tw.com | URL | No | |
| *.tw.ee | URL | No | |
| Any Github asset not under the “transferwise” organization | OTHER | No | |
| Non-current version of the Android app | ANDROID | No | |
| Non-current version of the iOS app | IOS | No | |
| Third party authentication services (eg: Facebook and Google) | URL | No | |
| Third party services not hosted by Wise | URL | No | |
| Wise Affiliate Program | URL | No | |
| bootstrap.transferwise.com | URL | No | |
| brand.transferwise.com | URL | No | |
| brand.wise.com | URL | No | |
| https://transferwise.com/help/contact | URL | No | |
| https://wise.com/help/contact | URL | No | |
| links.transferwise.com | URL | No | |
| links.wise.com | URL | No | |
| status.transferwise.com | URL | No | |
| status.wise.com | URL | No | |
| tech.transferwise.com | URL | No | |
| widgets.transferwise.com | URL | No |