Responsible Disclosure Policy

Updated December 17, 2019

Reporting Security Vulnerabilities to Zendesk

Zendesk aims to keep its Services safe for everyone, and data security is of utmost priority. If you are a security researcher and have discovered a security vulnerability in the Services, we appreciate your help in disclosing it to us in a responsible manner.

Our responsible disclosure process is hosted by HackerOne’s bug bounty program. We run the following programs which encompass multiple facets of our products, please visit the corresponding channelHackerOne portal below to report any security vulnerabilities:

• Zendesk Support, Guide, Talk, Chat, Message, Connect, Explore, and Sunshine – https://hackerone.com/zendesk
• Bime – https://hackerone.com/bime
• Base – https://bugbounty.getbase.com/
• Sunshine Conversations (Smooch) – Please submit all reports to our team at security@zendesk.com

Only vulnerabilities submitted via the appropriate channel will be eligible for a reward. If you previously responsibly disclosed a vulnerability to us, thank you. Our list of contributors continues to live on at HackerOne and can be found here: https://hackerone.com/zendesk/thanks/prior