Malwarebytes Responsible Disclosure Program

New security issues and attack vectors are emerging day after day, and Malwarebytes diligently keeps abreast of the latest security developments by working with independent security researchers and our internal research team. Malwarebytes welcomes and encourages independent researchers to report vulnerabilities in our products to us. The objective of our Malwarebytes Responsible Disclosure (MRD) program is to work proactively with leading researchers in making our products more secure and giving malware writers a hard time.

The MRD program incentivizes external researchers who work with us responsibly by promoting an open communication channel with our engineering division, awarding bug bounties, and duly crediting the effort from leading researchers in our Hall of Fame and other hotfix release notes.

Malwarebytes offers cash bug bounties for the reproducible security bugs. The amount awarded for these bugs is between $100 and $2000 depending on the bug severity and exploitability. However, Malwarebytes reserves the right to increase this amount on a per case basis. Additionally, as decided by our security and research team, the most innovative submissions are entered into the Malwarebytes Hall of Fame and get cool Malwarebytes swag.

By submitting to our bug bounty, one needs to agree to the Program Guidelines.

To report a security vulnerability in our bug bounty program, email bug-bounty@malwarebytes.com. The sender will receive an automated email response containing a link that can be used to submit the details of a security vulnerability. Please do not submit customer support questions, functionality issues or feature requests to the bug bounty program.