The software security research community makes the web a better, safer place. ProZ.com supports their bug-hunting efforts with a bounty program.
To report a vulnerability, please email the ProZ.com team at firstname.lastname@example.org. Be sure to include "bug bounty disclosure" in the subject line.
The following domains and apps are within the scope of the program:
To be eligible, you must demonstrate a security compromise on any of these domains using a reproducible exploit, including the following:
NOT XSS (usually): Experience has shown that reports of cross-site scripting (XSS) vulnerabilities are often NOT ELIGIBLE for bounty payments because they do not support an actual exploit in ProZ.com's environment. If you found an XSS vulnerability please send it in, but time might be better spent looking for qualifying vulnerabilities listed above.
ProZ.com staff will respond as quickly as possible to your submission, and will keep you updated as the bug is verified and fixed.
ProZ.com deals only with principals, not vulnerability brokers. If you reside in a country on a United States restricted export control list, or are on a United States state or federal criminal wanted list or restricted export control list, you may not be eligible to participate in this program. ProZ.com staff will make the final decision on bug eligibility and value. This program exists entirely at the discretion of the owner of ProZ.com and may be modified or canceled at any time. Any changes made to this program's terms do not apply retroactively. Thank you for helping to make ProZ.com more secure.
Serving the world's largest community of translators, ProZ.com delivers a comprehensive network of essential services, resources and experiences that enhance the lives of its members.
Learn more »
+1 (315) 463-7323