Bitdefender is committed to providing a secure environment for their customers. As part of this commitment, we engage the efforts of the security researchers to identify potential vulnerabilities in our products and services. We follow the guidelines of responsible disclosure to ensure our customers address potential vulnerabilities as quickly as possible to mitigate associated risks.
Vulnerability - weakness or flaw in a product or service which can be exploited by a threat actor, to perform unauthorized actions within a computer system, such as compromising the confidentiality, integrity or availability.
Vulnerability disclosure - the practice of reporting newly discovered vulnerabilities in products and services directly to the vendors of the affected product
Security advisory - document or message that provides vulnerability information intended to reduce risk
Bitdefender encourage security researchers to identify and submit vulnerability reports regarding virtually everything that bears the Bitdefender scope, including but not limited to the website, products and services.
In scope targets are the following:
Bitdefender Information Security team
Bitdefender Information Security team will acknowledge the receipt of the report, validate and reproduce the issue together with product manager, security engineers or developers. Additional help and collaboration might be required from security researchers to go through these steps and to make sure the potential issue is confirmed.
Bitdefender is committed to resolving confirmed vulnerabilities as fast as possible.
An advisory will be published on our Security Advisories section to ensure that affected customers are kept informed about the vulnerabilities in our products and services.
All the vulnerability reports submitted to us can be subject to our bug bounty program if the required qualification criteria are met. Bug bounties are only offered provided that the researcher agrees to our bug bounty terms and conditions for eligibility and legal aspects.