Hack the Planet, Make a Difference

OpenCIRT allows any security researcher in the world to safely report vulnerabilities to any company in the world.

That's a bold statement!

How does it work?

OpenCIRT acts as a "secure link" between ethical hackers and companies. We protect hackers' privacy as long as the vulnerabilities reported meet our Acceptable Hacking Policy, and we protect companies by making them aware of security issues in the most efficient, private, and responsible way.

Step 1

Submit any vulnerability found in any public-facing system, as long as it meets our Acceptable Hacking Policy.

Step 2

Our internal triage team makes sure the vulnerability is valid, impactful and well explained.

Step 3

We notify all the parties involved in the most responsible way and make sure they take the necessary steps to fix the issue and secure the affected systems.

Step 4

Congratz! You made the Internet safer. Plus, you get paid if the company spontaneously decides to reward your effort.

No VDP, no problem.

OpenCIRT has been created specifically to report vulnerabilities to companies without a Vulnerability Disclosure Policy.

While we believe a VDP is a great tool that helps keep companies safe, the reality is that the vast majority of companies have no idea what a VDP is and have no plan to implement one.

Of course, this is a significant obstacle for ethical hackers who want to operate in the clear, and it poses a bigger risk for every internet user.
