Vulnerability Disclosure Program (VDP)
VDPs are meant for responsibly reporting vulnerabilities you encounter — not for actively hunting for fame or reputation. Even if you're just starting out, consider focusing on rewarded bug bounty programs instead.
duckduckgo
4
In Scope
0
Out of Scope
In-Scope Assets (4)
| Asset | Category | Bounty | Quick Links | |
|---|---|---|---|---|
| *.duckduckgo.com | WILDCARD | No | ||
| com.duckduckgo.mobile.android | ANDROID | No | ||
| com.duckduckgo.mobile.ios | IOS | No | - | |
| https://github.com/duckduckgo/duckduckgo-privacy-extension | CODE | No | - |
Scope Changes (12)
Feb 25, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Added | *.duckduckgo.com | WILDCARD | In Scope | 19:09 |
| Added | https://github.com/duckduckgo/duckduckgo-privacy-extension | CODE | In Scope | 19:09 |
| Added | com.duckduckgo.mobile.ios | IOS | In Scope | 19:09 |
| Added | com.duckduckgo.mobile.android | ANDROID | In Scope | 19:09 |
Feb 22, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Added | https://github.com/duckduckgo/duckduckgo-privacy-extension | CODE | In Scope | 00:40 |
| Added | com.duckduckgo.mobile.ios | IOS | In Scope | 00:40 |
| Added | com.duckduckgo.mobile.android | ANDROID | In Scope | 00:40 |
| Added | *.duckduckgo.com | WILDCARD | In Scope | 00:40 |
Feb 21, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Added | com.duckduckgo.mobile.ios | IOS | In Scope | 19:11 |
| Added | *.duckduckgo.com | WILDCARD | In Scope | 19:11 |
| Added | https://github.com/duckduckgo/duckduckgo-privacy-extension | CODE | In Scope | 19:11 |
| Added | com.duckduckgo.mobile.android | ANDROID | In Scope | 19:11 |