Vulnerability Disclosure Program (VDP)

VDPs are meant for responsibly reporting vulnerabilities you encounter — not for actively hunting for fame or reputation. Even if you're just starting out, consider focusing on rewarded bug bounty programs instead.

british_airways_vdp

HackerOneView on HackerOne

RawAI Enhanced

In Scope

Out of Scope

In-Scope Assets (5)

Asset	Category	Bounty	Quick Links
*.ba.com	WILDCARD	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal
*.britishairways.com	WILDCARD	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal
Security vulnerabilities that are identified in digital properties owned, operated, or controlled by British Airways are considered in scope.	OTHER	No	-
http://www.britishairways.com/nx	URL	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal
www.britishairways.com	URL	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal

Out-of-Scope Assets (3)

Asset	Category	Bounty
Testing is not permitted on internal systems, employee portals, onboard aircraft systems, third-party services, or any assets using external networks or domains not directly owned or controlled by British Airways	OTHER	No
accounts.britishairways.com	URL	No
holiday.britishairways.com	URL	No