Vulnerability Disclosure Program (VDP)
VDPs are meant for responsibly reporting vulnerabilities you encounter — not for actively hunting for fame or reputation. Even if you're just starting out, consider focusing on rewarded bug bounty programs instead.
bill_vdp
12
In Scope
1
Out of Scope
In-Scope Assets (12)
| Asset | Category | Bounty | Quick Links | |
|---|---|---|---|---|
| *.2go.com | WILDCARD | No | ||
| *.bill.com | WILDCARD | No | ||
| *.divvy.co | WILDCARD | No | ||
| *.finmark.com | WILDCARD | No | ||
| Other BILL assets | OTHER | No | - | |
| app.bill.com | URL | No | ||
| app.divvy.co | URL | No | ||
| com.bdc.bill | ANDROID | No | ||
| com.divvypay.Divvy | ANDROID | No | ||
| com.invoice2go.invoice2goplus | ANDROID | No | ||
| id1114962353 | IOS | No | - | |
| id980353334 | IOS | No | - |
Out-of-Scope Assets (1)
| Asset | Category | Bounty | |
|---|---|---|---|
| *.zipbooks.com | WILDCARD | No |
Scope Changes (39)
Feb 25, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Added | *.finmark.com | WILDCARD | In Scope | 19:20 |
| Added | *.bill.com | WILDCARD | In Scope | 19:20 |
| Added | app.bill.com | URL | In Scope | 19:20 |
| Added | app.divvy.co | URL | In Scope | 19:20 |
| Added | com.bdc.bill | ANDROID | In Scope | 19:20 |
| Added | com.invoice2go.invoice2goplus | ANDROID | In Scope | 19:20 |
| Added | *.2go.com | WILDCARD | In Scope | 19:20 |
| Added | other bill assets | OTHER | In Scope | 19:20 |
| Added | *.zipbooks.com | WILDCARD | Out of Scope | 19:20 |
| Added | *.divvy.co | WILDCARD | In Scope | 19:20 |
| Added | id980353334 | IOS | In Scope | 19:20 |
| Added | id1114962353 | IOS | In Scope | 19:20 |
| Added | com.divvypay.divvy | ANDROID | In Scope | 19:20 |
Feb 22, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Added | com.bdc.bill | ANDROID | In Scope | 00:48 |
| Added | com.invoice2go.invoice2goplus | ANDROID | In Scope | 00:48 |
| Added | other bill assets | OTHER | In Scope | 00:48 |
| Added | *.zipbooks.com | WILDCARD | Out of Scope | 00:48 |
| Added | *.bill.com | WILDCARD | In Scope | 00:48 |
| Added | app.divvy.co | URL | In Scope | 00:48 |
| Added | *.divvy.co | WILDCARD | In Scope | 00:48 |
| Added | id980353334 | IOS | In Scope | 00:48 |
| Added | id1114962353 | IOS | In Scope | 00:48 |
| Added | com.divvypay.divvy | ANDROID | In Scope | 00:48 |
| Added | *.finmark.com | WILDCARD | In Scope | 00:48 |
| Added | *.2go.com | WILDCARD | In Scope | 00:48 |
| Added | app.bill.com | URL | In Scope | 00:48 |
Feb 21, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Added | *.bill.com | WILDCARD | In Scope | 19:13 |
| Added | app.bill.com | URL | In Scope | 19:13 |
| Added | app.divvy.co | URL | In Scope | 19:13 |
| Added | *.divvy.co | WILDCARD | In Scope | 19:13 |
| Added | id980353334 | IOS | In Scope | 19:13 |
| Added | id1114962353 | IOS | In Scope | 19:13 |
| Added | com.bdc.bill | ANDROID | In Scope | 19:13 |
| Added | com.divvypay.divvy | ANDROID | In Scope | 19:13 |
| Added | com.invoice2go.invoice2goplus | ANDROID | In Scope | 19:13 |
| Added | *.finmark.com | WILDCARD | In Scope | 19:13 |
| Added | *.2go.com | WILDCARD | In Scope | 19:13 |
| Added | other bill assets | OTHER | In Scope | 19:13 |
| Added | *.zipbooks.com | WILDCARD | Out of Scope | 19:13 |