BugBounty Account Information

Welcome to the AT&T Bug Bounty Program. Please enter your Account Information to Register.

Publish my name on the AT&T Bug Bounty Hall of Fame including Top 25 when eligible
Use my name/profile handles on social media channels





Terms & Conditions

There are constraints on who may participate in the AT&T Bug Bounty Program (the "Program"). In addition, there may be additional restrictions depending upon applicable local laws.

  1. The parties to this agreement are you and AT&T Services.
  2. "AT&T Services" refers to AT&T Services, Inc., and "AT&T" refers to AT&T Services and its affiliates.
  3. You must abide by the law.
  4. AT&T employees, contractors, and their families are not eligible for rewards.
  5. Please submit your report as soon as you have discovered a potential vulnerability. By submitting the vulnerability, you affirm that you have not disclosed and agree that you will not disclose the bug or your submission to anyone other than AT&T via the AT&T Bug Bounty Process. Absent AT&T's prior written consent, any disclosure outside of this process would violate this Agreement. It is understood and agreed that money damages would not be a sufficient remedy for any breach of this paragraph by you or your representative(s) and that AT&T shall be entitled to specific performance as a remedy for any such breach, including injunctive relief. Such remedy shall not be deemed to be the exclusive remedy for any such breach but shall be in addition to all other remedies available at law or equity to AT&T.
  6. Submissions selected for rewards, and the individuals who submitted the vulnerabilities will receive appropriate recognition at the discretion of AT&T.
  7. By submitting information about a potential vulnerability, you are agreeing to these terms and conditions and granting AT&T a worldwide, royalty-free, non-exclusive license to use your submission for the purpose of addressing vulnerabilities. Only the first report of a given issue that AT&T had not yet identified is eligible. In the event of a duplicate submission, only the earliest received report is considered.
  8. Eligibility for rewards and determination of the recipients and amount of reward is left up to the discretion of AT&T.
  9. The Program is focused predominantly on: Internet-facing AT&T websites executing on internet domains that provide significant business value to AT&T, and are supported directly by AT&T and its suppliers; AT&T-branded mobile applications; AT&T-branded devices; and the AT&T API Platform. Vulnerabilities submitted outside this scope are generally less likely to receive recognition or rewards under this Program.
  10. You are responsible for all taxes associated with and imposed on any reward you may receive from AT&T Services. You must submit to AT&T Services, prior to a reward payment being processed, a valid Form W-8BEN, W-8BEN-E, W-8ECI, W-8EXP, W-8IMY, or W-9 (or any successor form prescribed by the IRS). If you are not a US national, you must also submit to AT&T Services, prior to a reward payment being processed, a completed Foreign Vendor Questionnaire. AT&T may reduce any reward by the amount of any tax imposed on you that AT&T is required to pay directly to a taxing or other governmental authority. Reward payments are made via EFT (domestic) or SWIFT (international) so appropriate routing and/or SWIFT account information along with documented banking information for the account funds are being transferred to must be submitted to AT&T Services prior to a reward payment being processed. Payments may also be processed via PayPal, however you will be responsible for all fees associated with this service.
  11. You are responsible for notifying AT&T of any changes to your contact information, including but not limited to your email address. Failure to do so may lead to the forfeiture of Bounty Awards.
  12. You have 60 days from the date of initial notification to respond to Bounty Award notifications and provide completed tax forms. Failure to respond within 60 days will lead to the forfeiture of Bounty Awards.
  13. AT&T Services reserves the right to discontinue the Program at any time without notice.
  14. If you or your bank are on a sanctions lists or are in a country on a sanctions list (e.g. Cuba, Iran, North Korea, Sudan and Syria), then you are ineligible to receive a reward payment.
  15. You may only exploit, investigate, or target vulnerabilities against your own accounts. Testing must not violate any law, or disrupt or compromise any data or access data that is not yours; intentional access of customer data other than your own is expressly prohibited.
  16. If you inadvertently access proprietary customer, employee, or business related information during your testing, the information must not be used, disclosed, stored, or recorded in any way. Inadvertent access of the data must be declared within your submission.
  17. Your testing activities must not negatively impact AT&T, or AT&T's online environment availability or performance.
  18. AT&T reserves the right of non-remediation at its sole discretion.
  19. This agreement constitutes the entire agreement of the parties with respect to the items listed above. This agreement may be amended or modified only by a subsequent agreement in writing.
  20. If any portion of this agreement is found to be illegal or unenforceable, then the parties shall be relieved of their responsibilities arising under such portion, but only to the extent that such portion is illegal or unenforceable.
captcha

 




Home | Rewards | Report Bug | Hall of Fame | FAQ

©2018 AT&T Intellectual Property.All rights reserved.