<aside> 📌 Sourcegraph operates a closed, invite-only HackerOne bug bounty program
</aside>
Bug bounty programs offer monetary rewards to ethical hackers for successfully discovering and reporting a vulnerability or bug to the application's developer. Bug bounty programs allow companies to leverage the hacker community to improve their systems’ security posture over time.
If you have found a high or critical severity vulnerability in one of our products, please reach out to [email protected] and we will assess whether the severity of the reported issue merits an invite to the program.
Please note that a report to this email address is no longer considered a submission to the bounty scheme in itself.
Please get in touch via the #discuss-security channel.
If you believe the issue is urgent, please also tag @security-support or @security-team.
If you believe the issue is sensitive, please get in touch with a member of the Security Team over DM.