Launching our public bug bounty program

Keeping Intercom products secure

It might seem like it goes without saying, but security is extremely important to us. Our business relies on the trust of our customers, and to maintain this trust we need to use the best tools available to keep our customers’ data secure.

Today, we’ve launched a public bug bounty program with Bugcrowd to support our security efforts, after previously running a similar private program.

Our private bug bounty program allowed us to tap into the creativity and abilities of hundreds of researchers to find and report the most complex bugs — the ones application scanners just can’t uncover. Now we’re expanding our program for access to a bigger pool of researchers to improve our ability to find and fix vulnerabilities — we hope by opening this up we’ll be able to identify and fix them at an even faster rate.

Our new public program will reward up to $1,500 per vulnerability identified, depending on impact and severity. The scope includes anything that relates to our main application functionality, our products, and our iOS and Android SDKs.

If you want to learn more, or get involved, take a look at the program here.