BackBox sponsors a Bug Bounty program for BackBox products. Our policy is $200 for all finds reported and verified. Payment can be Amazon Gift Card or PayPal.

Requirements:

• Vulnerabilities must be High or Critical
• Vulnerabilities reported must not have been previously reported nor logged from our own internal scans and testing.
• All vulnerabilities should include the specific BackBox product they apply to, the version of the product tested and preferably credentials we can use to verify the vulnerability in your test environment.
• The bounty program applies only to our products and not to our marketing/company web presence (backbox.com).

Submissions can be placed through the contact us form, or via a support ticket by emailing support@backbox.com.