Zerodha
Online stock brokerage platform for trading and investing in stocks, futures, options, commodities, currency, ETFs, mutual funds, and bonds.
External Program
Submit bugs directly to this organization
Zerodha
Online stock brokerage platform for trading and investing in stocks, futures, options, commodities, currency, ETFs, mutual funds, and bonds.
External Program
Submit bugs directly to this organization
We try our best to keep all platforms of Zerodha secure, and make every effort to keep on top of the latest threats by working with our inhouse security team and external security consultants. If you are able to spot any security issues or vulnerabilities, please report here.
We would like to continuously build relationships and work with as many security technology enthusiasts as possible, and fairly reward any such issues spotted as well.
We will reward reports according to the severity of their impact on a case-by-case basis as determined by our security team. We may reward more for unique, hard-to-find bugs; we may also reward less for bugs with complex prerequisites that have lower risk of exploitation of our platforms or are more seen to be as good practices to be implemented.
To participate in Zerodha's Bug Bounty Program, report the bug here.
All accepted bug reports would be required to accept a non-disclosure agreement, and share their PAN, bank account details & their address (for tax and compliance purposes), to further receive any bug bounty rewards. All reward payments are also subject to tax deducted as source.
The identified bug can be reported here.
Open network ports, open services other than public HTTP Endpoints etc. DoS and DDoS tests ARE PROHIBITED.
All the bounty rewards will be paid based on an internal assessment by our security team. Based on the severity, we will revert within 1-7 business days, and communicate whether the bug report was accepted/declined and the steps forward including the payment of the reward.