Description

At PDQ our mission is to make device management simple, secure, and pretty damn quick. We know how important the security of our products is. We're a bunch of former sysadmins ourselves. Every decision we make revolves around ensuring our products are safe to use for managing your devices, which is why we have a bug bounty program. It’s a true win-win: We improve the security of our products, and you reap the rewards.

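Bounties

Amounts in € by severity (score range):

  • Low (0.1 - 3.9): Tier 2 €100, Tier 3 €50
  • Medium (4.0 - 6.9): Tier 2 €500, Tier 3 €325
  • High (7.0 - 8.9): Tier 2 €1,250, Tier 3 €625
  • Critical (9.0 - 9.4): Tier 2 €3,000, Tier 3 €1,000
  • Exceptional (9.5 - 10.0): Tier 2 €3,500, Tier 3 €1,250

Tier 2 range: €100 - €3,500
Tier 3 range: €50 - €1,250
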
Rules of engagement
Required
Not applicable
max. 5 requests/sec
Not applicable

Guidelines

  • Do not perform scans. Scanning is strictly prohibited.
  • Prioritize quality over quantity.
  • Provide detailed but to-the-point reproduction steps.
  • Include a clear attack scenario and a step-by-step guide in the PoC.
  • Don’t discuss bugs before we fix them.

Safe harbor for researchers
PDQ considers ethical hacking conducted following the established guidelines to constitute authorized conduct under criminal law. PDQ won't pursue civil action or file a complaint for accidental, good faith violations. Similarly, PDQ won’t file a complaint for circumventing its technological measures used to protect the scope as part of your ethical hacking.
If a third party initiates legal action against you and you have complied with the agreed upon terms, PDQ will verify your actions were conducted with our approval in compliance with our guidelines.

Requirements

  • An @intigriti.me email must be used when registering for any accounts while testing as a security researcher.

By participating in this program, you agree to:

  • Respect the Community Code of Conduct
  • Respect the PDQ Terms of Use
  • Respect the scope of the program
  • Not discuss or disclose vulnerability information without prior written consent (including PoCs on YouTube and Vimeo)

License management

  • Please destroy any licenses generated during your testing.

Disclaimer

PDQ reserves the right to change or modify the terms of this program at any time. You may not participate in this program if you are a resident or individual located within a country appearing on any U.S. sanctions lists (e.g. Iran, North Korea, etc.), such as the lists administered by the U.S. Department of the Treasury’s OFAC.

Domains

Production environment for SimpleMDM — please take care not to disrupt any services when testing

Test environment for our authentication tool

Test environment for our Package Library

Severity assessment

We use our contextual CVSS standard, using CVSSv3 as a scoring system and applying a business impact modifier if needed.

FAQ

How do I test purchases?

For completing test purchases we ask that you use an approved test card.

How do I sign up for a test account for your products?

Use your @intigriti.me email to sign up for a trial account for any of our products by visiting the site listed for that product.
For our authentication service, you can sign up for a staging account here. The MFA email initiated with signup will NOT come to your email. It will come here.
