Responsible Disclosure Policy
Updated June 1, 2018
Reporting Security Vulnerabilities to Zendesk
Zendesk aims to keep its Services safe for everyone, and data security is of utmost priority. If you are a security researcher and have discovered a security vulnerability in the Services, we appreciate your help in disclosing it to us in a responsible manner.
Our responsible disclosure process is hosted by HackerOne’s bug bounty program. We run separate programs for each of our three key products. Please visit the corresponding HackerOne portal below to report any security vulnerabilities:
Only vulnerabilities submitted there will be eligible for a reward.
If you previously responsibly disclosed a vulnerability to us, thank you. Our list of contributors continues to live on at HackerOne and can be found here: https://hackerone.com/zendesk/thanks/prior