Bug Bounty Program


Security is a top priority for Cognism because it’s fundamental to everything we do, our customers and our product. For this reason, we have implemented a number of security measures and we’re committed to securing application data, eliminating vulnerabilities and ensuring business continuity.

For questions regarding security please email

Vulnerability Disclosure

If you would like to report a vulnerability or have any security concerns about any Cognism product, please contact

Include a proof of concept, a list of tools used (including versions), and the output of the tools. We take all disclosures very seriously. Vulnerability bounties (aka bug bounties) are determined on a case-by-case basis.

Rules for you

  • Don’t attempt to gain access to another user’s account or data.
  • Don’t perform any attack that could harm the reliability/integrity of our services or data. DDoS/spam attacks are not allowed.
  • Don’t publicly disclose a bug before it has been fixed.
  • Only test for vulnerabilities on sites you know to be operated by Cognism.
  • Do not impact other users with your testing.
  • Don’t use scanners, scrapers or any other automated tools in your testing.
  • Never attempt non-technical attacks such as social engineering, phishing, or physical attacks against our employees, users, or infrastructure.
  • When in doubt, contact us at

Rules for us

  • We will respond as quickly as possible to your submission.
  • We will keep you updated as we work to fix the bug you submitted.
  • We will not take legal action against you if you play by the rules.

What does not qualify?

  • Bugs that don’t affect the latest version of modern browsers (Chrome, Firefox, Edge, Safari). Bugs related to browser extensions are also out of scope.
  • Bugs requiring exceedingly unlikely user interaction.
  • Submissions which don’t include steps to reproduce the bug, or only include those steps in video form.
  • Insecure cookie settings for non-sensitive cookies.
  • Disclosure of public information and information that does not present significant risk.
  • Bugs in content/services that are not owned/operated by Cognism.
  • Scripting or other automation and brute forcing of intended functionality.
  • When in doubt, contact us at

Out of Scope

Bug Bounty Awards:

  • Critical Severity Vulnerability: $1200
  • High Severity Vulnerability: $600
  • Medium Severity Vulnerability: $300
  • Low Severity Vulnerability: $150