What is a Bug Bounty Program?

Organisations like Xero, MYOB, Google and Facebook run what is called a bug bounty program. A bug bounty program allows people outside of Tanda to report security vulnerabilities they find and be compensated for their work. It is an extremely effective way of making a software offering more secure.


We follow the prioritisation of vulnerabilities as listed by Bugcrowd: https://bugcrowd.com/vulnerability-rating-taxonomy and then reward based on the following table.

We will not pay out for bugs that we are already aware of or are currently working to resolve. Tanda will pay bug bounties using PayPal only.

If you have found a bug, please report it to bugbounty@tanda.co with a proof of concept and exploit information!
