
How to participate in the Bug Bounty Program

Introduction

This article explains Mendix's approach for reporting security issues and the correct process for submitting vulnerability findings.

Environment

Applications hosted in any deployment type

Instructions/Procedure

Mendix does not operate a traditional bug bounty program.

  • Security findings can be submitted and reviewed at the official Mendix HackerOne page. The platform aids Mendix in security testing by using verified ethical hackers to comprehensively test assets within the established scope.
  • When submitting a report, please provide detailed findings and an exploitation scenario. The Mendix Security team actively monitors this platform and will address submissions accordingly.

Outcome

Upon submission, the Mendix Security team will review the reported vulnerability via HackerOne via email, initiating appropriate investigation and communication regarding next steps.

Internal information related

270026, 254812

Additional information

Mendix documentation: 

 
