Bountytalk Launched


Angelina
Trivago Bug Bounty
« on: May 05, 2023, 05:35:26 PM »
Submit bug report: https://www.trivago.com

Policy

trivago works vigilantly to keep customer information secure. We recognize the important role a community of security researchers and our user community also play in helping to keep trivago and our customers secure. Therefore, trivago has launched a private bug bounty program at HackerOne.
Currently, the program is invitation-only. We invite security researchers based on factors like the researcher’s reputation and their previous work. We do not disclose the identities of participating researchers nor any numbers of researchers, bugs, etc. However, to help improve overall security in the web community, we will publish interesting findings in close co-operation with participating researchers.
Due to financial regulations and restrictions, reports that are sent to us using different channels than this private HackerOne program are not eligible for payment of a bug bounty.
When did the program begin?
Our program began in March 2017.
How many researchers are currently a part of the program?
We are not releasing the number of researchers currently enrolled.
How does a researcher qualify to enter into the program?
The trivago security team individually invites researchers to enter the program based on factors like the researcher’s reputation and their previous work. At times, we may reach out to additional reputable individuals we believe would benefit the program.
What are the rules and scope of the program?
Our rules and scope are similar to other public bug bounty programs, but are tailored to the scope and mission of our private approach and of protecting trivago customers. We request that researchers refrain from accessing private information, performing actions that may negatively affect trivago users (spam, denial of service), or sending reports from automated tools without verifying them.