Table of Contents

Overview

In an attempt to bring stronger transparency to our customers, we are opening up a security Bug Bounty.

Scope and Reporting

This is a black box test against our production environment. In order to have your vulnerability verified, you will need to send the report to [email protected]. Please make sure the subject is clear that this is a bug bounty request (e.g., Bug Bounty: XSS found in site). All findings MUST include:

In Scope

Ensure that you adhere to Amazon’s Penetration Testing Policy.

Not in Scope

Payouts

We do not solely focus on severity ratings (e.g., CVSS) for a vulnerability. We focus on business impact of the vulnerability. Findings are rewarded on a first come basis. We break this down into three (3) payout categories where each category has a max payout.

Critical Max Payout: $10k