Coordinated and Responsible Vulnerability Disclosure Free Bug Bounty Program 329,606 coordinated disclosures
191,020 fixed vulnerabilities
415 bug bounties with 872 websites
9,243 researchers, 854 honor badges

Zenchef Bug Bounty Program

Zenchef runs a bug bounty program to ensure the highest security and privacy of its websites. Everyone is eligible to participate in the program subject to the below-mentioned conditions and requirements of Zenchef

Open Bug Bounty performs triage and verification of the submissions. However, we never intervene to the further process of vulnerability remediation and disclosure between Zenchef and researchers.

Bug bounty program allow all submissions.

Bug Bounty Scope

The following websites are within the scope of the program:

Non-Intrusive Submissions Handling

The following section encompasses submission of the vulnerabilities that do not require intrusive testing as per Open Bug Bounty rules:

- Cross Site Scripting (XSS)
- Open Redirect

- Cross Site Request Forgery (CSRF)
- Improper Access Control

General Requirements:

No general requirements

Testing Requirements:

No testing requirements

Possible Awards:

No possible awards

Community Rating

Provided by security researchers who reported security vulnerabilities via this bug bounty program:

Response Time  How quickly researchers get responses to their submissions.
Remediation Time  How quickly reported submissions are fixed.
Cooperation and Respect  How fairly and respectfully researchers are being treated.

  Latest Patched


  Latest Blog Posts

22.03.2019 by HackerGautam
TLS 1.3 Genesis, Mechanism and Working
19.03.2019 by Open Bug Bounty
GDPR PII exposure can now be securely reported via Open Bug Bounty
24.02.2019 by ismailtsdln
Apple XSS Vulnerability - Proof of Concept (PoC)
24.02.2019 by ismailtsdln
How do you use an xss as a keylogger ?
23.02.2019 by ismailtsdln
Everything about XSS is in this source!

  Recent Recommendations

    26 March, 2019
Thanks for fing the vulnerability. Bug will be fixed at next update.
    25 March, 2019
Brian has responsibly reported a misconfiguration on one of my servers that could have led to sensitive information disclosure. He clearly and quickly explained the issue and its potential implications, and made it clear he did not expect anything for this.

Brian is a true internet hero, we need more people like Geeknik. Thanks a lot for making the internet safer.
    25 March, 2019
Dear Armin, thank you very much for reporting a vulnerability to us in such a respectful, professional way! Your extensive documentation helped us tremendously to solve the issue in almost no time.

It's guys like you that make the internet a better and safer place! Thanks alot!
    25 March, 2019
Thank you very much for reporting, you helped us a lot - fixed.
    24 March, 2019
Thank you for reporting this vulnerability to us responsibly and for your professional conduct. Your assistance and professionalism is much appreciated.