Malwarebytes welcomes and encourages independent researchers to report vulnerabilities in our products to us. It is the objective of this Coordinated Vulnerability Disclosure (CVD) program to work with leading researchers in making our products more secure and giving malware writers a hard time.
The CVD program incentivizes external researchers who work with us responsibly by promoting an open communication channel with our engineering division, awarding bug bounties and duly crediting the effort from leading researchers in our Hall of Fame and other hotfix release notes.
Malwarebytes offers cash bug bounties for the most interesting bugs. The amount awarded for these bugs is between $100 and $1000 depending on the bug severity and exploitability. However, Malwarebytes reserves the right to increase this amount on a per case basis. Additionally, the most innovative submissions, as decided by our research team, are entered into the Malwarebytes Hall of Fame and get cool Malwarebytes swag.
By submitting to our bug bounty you agree to the Program Guidelines.
To report a security vulnerability in our bug bounty program, email firstname.lastname@example.org. You will receive an automated email response containing a link that can be used to submit the details of a security vulnerability. Please do not submit functionality issues or feature requests to the bug bounty program.
To view the Bug Bounty Hall of Fame, click here!