bind-bug-bounty-program
1
In Scope
7
Out of Scope
In-Scope Assets (1)
| Asset | Category | Bounty | Quick Links | |
|---|---|---|---|---|
| https://gitlab.isc.org/isc-projects/bind9 | OPEN-SOURCE | Yes | - |
Out-of-Scope Assets (7)
| Asset | Category | Bounty | |
|---|---|---|---|
| Any asset that is not explicitly included in our program's scope | OTHER | Yes | |
| Any depreciated versions and other versions than the current stable/official version are considered out of scope. | OTHER | Yes | |
| Any local implementation of the project/implementation belonging to third parties | OTHER | Yes | |
| Any third parties’ or Community’s assets (e.g. packages or versions not created and published by ISC). | OTHER | Yes | |
| Vulnerabilities in the DNS protocol that are not specific to the BIND 9 implementation (while we are interested in these, they are out of scope of this Bug Bounty program). | OTHER | Yes | |
| gitlab.isc.org | OTHER | Yes | |
| lists.isc.org | OTHER | Yes |
Scope Changes (31)
Feb 25, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Added | https://gitlab.isc.org/isc-projects/bind9 | URL | In Scope | 19:08 |
| Added | gitlab.isc.org | URL | Out of Scope | 19:08 |
| Added | lists.isc.org | URL | Out of Scope | 19:08 |
| Added | any asset that is not explicitly included in our program's scope | OTHER | Out of Scope | 19:08 |
| Added | any third parties’ or community’s assets (e.g. packages or versions not created and published by isc) | OTHER | Out of Scope | 19:08 |
| Added | any depreciated versions and other versions than the current stable/official version are considered out of scope | OTHER | Out of Scope | 19:08 |
| Added | any local implementation of the project/implementation belonging to third parties | OTHER | Out of Scope | 19:08 |
| Added | vulnerabilities in the dns protocol that are not specific to the bind 9 implementation (while we are interested in these, they are out of scope of this bug bounty program) | OTHER | Out of Scope | 19:08 |
Feb 22, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Added | any asset that is not explicitly included in our program's scope | OTHER | Out of Scope | 00:51 |
| Added | any third parties’ or community’s assets (e.g. packages or versions not created and published by isc) | OTHER | Out of Scope | 00:51 |
| Added | any depreciated versions and other versions than the current stable/official version are considered out of scope | OTHER | Out of Scope | 00:51 |
| Added | any local implementation of the project/implementation belonging to third parties | OTHER | Out of Scope | 00:51 |
| Added | vulnerabilities in the dns protocol that are not specific to the bind 9 implementation (while we are interested in these, they are out of scope of this bug bounty program) | OTHER | Out of Scope | 00:51 |
| Added | https://gitlab.isc.org/isc-projects/bind9 | CODE | In Scope | 00:51 |
| Added | gitlab.isc.org | URL | Out of Scope | 00:51 |
| Added | lists.isc.org | URL | Out of Scope | 00:51 |
Feb 21, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Removed | https://gitlab.isc.org/isc-projects/bind9 | OPEN-SOURCE | In Scope | 21:40 |
| Removed | gitlab.isc.org | OTHER | Out of Scope | 21:40 |
| Removed | lists.isc.org | OTHER | Out of Scope | 21:40 |
| Removed | any asset that is not explicitly included in our program's scope | OTHER | Out of Scope | 21:40 |
| Removed | any third parties’ or community’s assets (e.g. packages or versions not created and published by isc) | OTHER | Out of Scope | 21:40 |
| Removed | any depreciated versions and other versions than the current stable/official version are considered out of scope | OTHER | Out of Scope | 21:40 |
| Removed | any local implementation of the project/implementation belonging to third parties | OTHER | Out of Scope | 21:40 |
| Removed | vulnerabilities in the dns protocol that are not specific to the bind 9 implementation (while we are interested in these, they are out of scope of this bug bounty program) | OTHER | Out of Scope | 21:40 |
| Added | gitlab.isc.org | OTHER | Out of Scope | 00:33 |
| Added | lists.isc.org | OTHER | Out of Scope | 00:33 |
| Added | any asset that is not explicitly included in our program's scope | OTHER | Out of Scope | 00:33 |
| Added | any third parties’ or community’s assets (e.g. packages or versions not created and published by isc) | OTHER | Out of Scope | 00:33 |
| Added | any depreciated versions and other versions than the current stable/official version are considered out of scope | OTHER | Out of Scope | 00:33 |
| Added | any local implementation of the project/implementation belonging to third parties | OTHER | Out of Scope | 00:33 |
| Added | vulnerabilities in the dns protocol that are not specific to the bind 9 implementation (while we are interested in these, they are out of scope of this bug bounty program) | OTHER | Out of Scope | 00:33 |