Compensation Special Campaign
1/8/2024, 5:04:24 PM (about 2 months ago)
1/8/2024, 5:05:59 PM

Hi hunters :)

Exciting news from our end! In line with the introduction of our latest offering, Compensation, we are kicking off a special Bug Bounty Campaign. This campaign, running until February 8th, features a generous reward structure, boosting our typical payout by 1.5x.

The Compensation feature is now accessible for those using trial accounts. For further details about this new product, please refer to the link provided.

This campaign's focus will be on the domains .personio.de/compensation and .personio.de/svc/compensation/graphql

We're extremely grateful to all of you who have been diligently identifying and reporting issues. Your expertise is invaluable.
Our Bug Bounty program is open to everyone, and we're optimistic that these enhanced rewards will encourage even wider participation.

Happy hunting!
Personio Security Team

Whistleblowing Special Campaign
11/7/2023, 5:37:54 PM (4 months ago)

Hello researchers :)

We are thrilled to inform you that in conjunction with the launch of our new product, Whistleblowing, we are **initiating a special Bug Bounty Campaign**. Until the end of the year, we will be offering an enhanced reward scheme that provides a substantial 1.5x increase over our standard payout amounts.

The Whistleblowing functionality is already available for trial accounts. You can find more information about the product in the following link.

**The targets in scope for the campaign will be .personio.de/whistleblowing and .personiowhistleblowing.com.**

Big thanks to everyone who’s been finding and reporting vulnerabilities. Your skills make a big difference.
Remember, our Bug Bounty is open to all. We’re hoping these bigger rewards will get even more of you involved.

Cheers,
Personio Security Team

Payout Bump
4/6/2023, 3:43:24 PM (11 months ago)

Dear researchers of the Personio Bug Bounty Program,

We are excited to announce that we have approximately doubled the total amount of payouts per severity in our program. Click here to check the updated bounty matrix. This update is a result of our continuous efforts to improve the security of our platform and ensure that our users' data is protected to the highest standard.

We would like to thank all participants who have contributed to our program and helped us identify potential vulnerabilities. Your work and expertise are invaluable in keeping our platform secure.

As a reminder, our Bug Bounty program is open to all security researchers and we encourage you to continue testing our platform and reporting any potential security issues to us. With this update in payouts, we hope to incentivise even more participation from the security community.

Thank you for your continued support and dedication to improving the security of Personio - The People Operating System.

Best regards,
Personio Security Team

New API subdomain in scope: https://api.personio.de
3/22/2023, 5:57:39 PM (11 months ago)

Dear members of our bug bounty community,

We are pleased to announce that we have extended the scope of our program to include our API subdomain at https://api.personio.de. As the API has undergone several recent modifications, we invite you to thoroughly test it and report any vulnerabilities that you may discover.

Thank you for your continued efforts to improve our security, and happy hunting!

New Tier format!
11/21/2022, 11:44:07 AM (over 1 year ago)

Hi researchers!

The bug bounty program continues to be a central piece of our security program and we don't want anything to stop you from reporting if you find something that could harm Personio.

That is why we have modified our Tier format to allow for more flexible reporting while still being covered by our Safe Harbour agreement.
Personio wants its data and its customers' data to be secure and we count on you and will reward your work to help us accomplish it.

Happy hunting!
Personio Security Team.

New domain added to the scope!
10/28/2022, 1:29:14 PM (over 1 year ago)

A security researcher contacted us via email about a vulnerability in our HUG by Personio page - https://hug.personio.com/

As the website is not managed directly by Personio, we had failed to add it into the Bug Bounty scope, and now we have solved that by adding it as a Tier 2 domain.

**Our application is in constant development, so we wanted to encourage you once more to hunt on both the new domain added to the scope as well as the main Personio application.**

Thank you!
Personio Security Team.

Bounties update and automated tooling
8/19/2022, 12:51:02 PM (over 1 year ago)

In order to increase the activity of the program, with a particular focus on critical and exceptional vulnerabilities, we have updated our bounty amounts.
We have also defined a rate for automated tooling to make it easier for you to test the app.

Happy hunting everyone!