Vulnerability Disclosure Program (VDP)
VDPs are meant for responsibly reporting vulnerabilities you encounter — not for actively hunting for fame or reputation. Even if you're just starting out, consider focusing on rewarded bug bounty programs instead.
msd
3
In Scope
0
Out of Scope
In-Scope Assets (3)
| Asset | Category | Bounty | Quick Links | |
|---|---|---|---|---|
| *.merck.com | URL | No | ||
| *.msd.com | URL | No | ||
| All other applications (web sites, web applications, web services, and mobile applications) owned by Merck & Co., Inc., Rahway, NJ, USA | OTHER | No | - |
Scope Changes (9)
Feb 26, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Added | *.merck.com | WILDCARD | In Scope | 02:52 |
| Added | *.msd.com | WILDCARD | In Scope | 02:52 |
| Added | all other applications (web sites, web applications, web services, and mobile applications) owned by merck & co., inc., rahway, nj, usa | OTHER | In Scope | 02:52 |
Feb 22, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Added | *.merck.com | WILDCARD | In Scope | 00:40 |
| Added | *.msd.com | WILDCARD | In Scope | 00:40 |
| Added | all other applications (web sites, web applications, web services, and mobile applications) owned by merck & co., inc., rahway, nj, usa | OTHER | In Scope | 00:40 |
Feb 21, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Added | *.merck.com | URL | In Scope | 19:11 |
| Added | *.msd.com | URL | In Scope | 19:11 |
| Added | all other applications (web sites, web applications, web services, and mobile applications) owned by merck & co., inc., rahway, nj, usa | OTHER | In Scope | 19:11 |