Let the platform do the work
SugarClubContact+1 (877) 842-7276

SugarCRM Bug Bounty Program

SugarCRM's bug bounty program is designed to reward eligible bug hunters who discover and discreetly report verified security bugs in Sugar products and services. Our intent is to reward folks who help us keep Sugar secure.

How Do I Report a Bug to SugarCRM?

Our bug bounty program is now managed by HackerOne.

If you have any questions about our bug bounty program, please email secure@sugarcrm.com.

Do not engage in any unlawful access to Sugar systems and please remember that going public with a potential security vulnerability will rescind eligibility for rewards and may subject you to legal action. We reserve the right to take appropriate measures, including notifying authorities and law enforcement, in any cases of such unauthorized access or any other violations of the terms and conditions of this program.

In addition to the terms, requirements, or prohibitions contained in this document, this program and your participation in this program is governed by Sugar's Terms of Use, which currently are accessible at https://www.sugarcrm.com/legal/site-terms-of-use, the Program Rules (account required)HackerOne Disclosure Guidelines, and Code of Conduct.

SugarCRM reserves the right to temporarily halt, amend, or terminate this program at any time. This program is void where prohibited by law. Reward recipients are solely responsible for all taxes and associated responsibilities incurred as a result of receipt of a reward. This program shall be governed by the laws of the State of California.