Bitdefender is committed to providing a secure environment for customers and partners. As part of this commitment, we engage the efforts of security researchers to identify potential vulnerabilities in our products and services. We follow responsible disclosure guidelines to ensure our customers address potential vulnerabilities as quickly as possible to mitigate associated risks.
Vulnerability – a weakness or flaw in a product or service that can be exploited by a threat actor to perform unauthorized actions within a computer system, such as compromising its confidentiality, integrity or availability.
Vulnerability disclosure - the practice of reporting newly discovered vulnerabilities in products and services directly to the vendors of the affected product.
Security advisory - document or message that provides vulnerability information intended to reduce risk.
Bitdefender encourages security researchers to identify and submit vulnerability reports regarding virtually everything within Bitdefender’s scope, including but not limited to the website, products and services.
Targets within Bitdefender’s scope are the following:
Bitdefender Information Security team
Bitdefender encourages security researchers to submit vulnerability reports in an encrypted format to firstname.lastname@example.org.
Our PGP key can be found here.
We also run a bug bounty program. If you wish to participate, refer to the program page for more details.
The Bitdefender Information Security team will acknowledge receipt of the report, and validate and reproduce the issue together with product teams, security engineers or developers. Additional help and collaboration might be required from security researchers to go through these steps and make sure the potential issue is confirmed.
Bitdefender is committed to resolving confirmed vulnerabilities as quickly as possible.
An advisory will be published in our Security Advisories section to ensure affected customers are kept informed about vulnerabilities in our products and services.
All vulnerability reports submitted to us can be subject to our bug bounty program if the required qualification criteria are met. Bug bounties are only offered if the researcher agrees to our bug bounty terms and conditions for eligibility and legal aspects.