Vulnerability Reward Program

Report vulnerabilities found in WithSecure products and services.

WithSecure rewards parties who report security vulnerabilities in certain WithSecure products and services, also known as a "bug bounty" program.

In order to avoid misunderstandings and ambiguities, we apply the following guidelines; even if lengthy, please read them in their entirety before participating.

What is this about?

What is this about?

We want to hear about any security vulnerabilities in our products and services. In order to reward security researchers, we offer monetary rewards for eligible security vulnerability reports that are disclosed to us in a coordinated way. However, there are certain rules that need to be followed to ensure that your security research does not cause security risk to other users or their data, and to decrease the likelihood that your research would be flagged as a malicious intrusion attempt by our monitoring. We also want to be clear about certain aspects relating to acceptance of reports and payment of rewards in order to avoid any surprises.

A "security vulnerability" is defined as an issue that causes a breach of confidentiality, integrity, or availability of the service or data, or applies to personal data (personally identifiable information) being stored or processed in a way that is not compliant with the current Finnish data protection legislation.

Scope How to report a vulnerability What happens after your report Rewards Payments Further legal statements

Other links

Security advisories

Detailed information on public vulnerabilities in WithSecure products.

Read more

Hall of Fame

当社の「脆弱性報奨プログラム」において、重要なセキュリティ脆弱性を発見・報告いただき、その内容が当社の製品およびサービスの安全性を高めることに貢献したセキュリティ研究者の方々の功績に感謝し「Hall of fame」に掲示いたします。

Read more

Our accreditations and certificates