Responsible Disclosure Policy
Updated June 1, 2022
Reporting Security Vulnerabilities to Zendesk
Zendesk aims to keep its Services safe for everyone and data security is of utmost priority. If you are a security researcher and have discovered a security vulnerability in the Services, we appreciate your help in disclosing it to us in a responsible manner.
Our responsible disclosure process is hosted by HackerOne’s bug bounty program. We run the following programs which encompass multiple facets of our products; please visit the corresponding HackerOne portal below to report any security vulnerabilities:
Zendesk Support, Guide, Talk, Chat, Message, Connect, Explore, Sunshine, Sell, and Sunshine Conversations (Smooch) – https://hackerone.com/zendesk
Only vulnerabilities submitted via the appropriate channel will be eligible for a reward. If you’ve previously responsibly disclosed a vulnerability to us, thank you. Our list of contributors continues to live on at HackerOne and can be found here:
Zendesk – https://hackerone.com/zendesk/thanks