Portal Portal Forum Forum Devolutions Force Devolutions Force Hub Business Hub Business Hub Personal Hub Personal Devolutions Send Devolutions Send Download RDM RDM Workspace Workspace Launcher Launcher
Solutions
Remote Connection
Remote connection management
Boost productivity, decrease costs, and increase security with a centralized platform where you can manage a wide range of remote connections and tools.
Remote Connection
Password management
Improve your security strategy without reducing productivity by using a password management solution.
Remote Connection
Privileged access management
Diminish the risk of insider threats and cyberattacks while providing audit and compliance requirements for your team.
Remote Connection
Remote access management
Establish a secure entry point for internal or external segmented networks that require authorized just-in-time (JIT) access.
Remote Connection
Use cases
In the technology world, use cases are only as good as the value someone derives from them. That's why at Devolutions we craft straightforward example use cases to help you and your team choose the best solution for your ideal productive environment.
Products
Remote Desktop Manager
The best remote connection manager in the industry
 Devolutions Hub
Cloud-hosted password manager built for IT professionals
 Devolutions Server
Self-hosted credential manager built for IT professionals
 Devolutions PAM
Privileged access manager built for IT professionals
 Devolutions Gateway
Secure remote access management — no VPN required
 Devolutions Free
We believe in making powerful tools accessible to everyone
Companion Tools
Workspace
Mobile, desktop application & browser extension
Launcher
Remote connection launching tool
PowerShell
Cmdlets that interact with Devolutions products
Devolutions Send
Secrets sharing made quick, secure, and simple
Support
Devolutions blog
Devolutions blog
Stay up to date with our weekly articles on our blog, In The Trenches.
Community forum
Community forum
The Devolutions Forum is the place to go to connect with your peers and the Devolutions team.
Devolutions documentation
Devolutions documentation
Get answers to product specifications, settings and more on our documentation.
Knowledge base
Knowledge base
Popular Knowledge Base articles solving common roadblocks and helping using best pratices.
Contact our support team
HELP
PHONE
Level 1 support only — Monday to Friday: 7:30 a.m. to 6:00 p.m. EDT
Report a security issue
While we do take care of the security of our products, the fast-changing nature and complexity of security may inadvertently expose our software. Please check out our security commitment for more information.
RESOURCES
Use cases Success stories Report & whitepapers Legal & privacy Security & compliance Miscellaneous Glossary (IT and security) Newsroom Media
Contact Send message
Send message
 Call me
Call me
 Technical support Sales Contact information
About Us Devolutions Timeline Lifestyle
Careers Welcome Available positions Spontaneous application
Newsroom Press releases Newsletters In the news
Media Devolutions logos Wallpapers
Security & Compliance Security Report a security issue Advisories

Devolutions Security
Bug Bounty Program

Devolutions Inc. is dedicated to performing exceptional due diligence when developing and delivering solutions, in order to prevent and mitigate threats that may have a negative impact upon our customers' data, and upon our ability to provide safe, reliable, and compliant products and services. To achieve this critical objective, we employ industry-leading frameworks, standards, controls, processes, and best practices, including our private Bug Bounty Program.

About the Program

Transparency is a core fundamental value at Devolutions, as it fosters healthy relationships, establishes trust, and promotes a culture of openness, improvement and innovation. Our Bug Bounty Program, which is rooted in our commitment to transparency, encourages researchers to try to “attack and break” our products, so that we can proactively fortify vulnerabilities and fix coding/programming errors.

Please note that at this time, enrollment in our Bug Bounty Program is by invitation only.

Responsible Disclosure

We continuously encourage researchers and customers to report identified vulnerabilities. To better protect our customers, reports remain confidential until vulnerabilities have been confirmed, resolved and released into production by Devolutions. We strive to do our best to address vulnerabilities within a reasonable and industry-acceptable timeframe.

Reporting a Security Issue

While we do take care of the security of our products, the fast-changing nature and complexity of security may inadvertently expose our software or supporting infrastructure to vulnerabilities. If you identify such a vulnerability, please send us your report in a timely manner at security@devolutions.net. The report should include the following items:

  • Proof-of-concept code and relevant screenshots to help us confirm and reproduce findings.
  • Justification of how the impacts may affect our organization and/or customers if exploited.
  • Proposed fix, if possible and applicable.

Once submitted, allow us a reasonable time frame to provide some feedback. Our security team must:

  • Reproduce and confirm the vulnerability as described in your report.
  • Establish a severity score according to CVSS 3.1.
  • Consider the recommendations from your report and build an action plan with relevant teams.
  • Maintain communication with the reporter until the case is resolved.

We kindly ask to maintain the report and its content confidential until the appropriate corrective measures are released in production. Please also note that exploiting a reported vulnerability abusively or for illegal, malicious or other inappropriate purposes may result in legal prosecutions against the reporter, which could lead to civil or criminal liability. An action is considered abusive or inappropriate when its purpose compromises customer-related or internal confidential information in an undue or disproportionate manner, or when such an action has some other aim than the demonstration of a vulnerability.

Rewards

Researchers are rewarded for reported vulnerabilities* in three important ways:

1
Once a vulnerability is fixed and a patch is released to production, researchers can publicize their discovery and contribution on their blog/social media pages. Doing this elevates their profile and standing in the IT & IT security communities and may support career advancement goals.
2
2. We offer financial rewards** based on the severity of each reported vulnerability using the CVSS 3.1 standard. For high-risk issues (e.g. exploitable high/critical), researchers can earn up to $1,500.00 per issue (USD).
3
3. From time to time, we may also provide participating researchers with Devolutions-branded merchandise.

*A vulnerability is a hole or a weakness in the application, which can be a design flaw or an implementation bug, that allows an attacker to cause harm to the stakeholders of an application. Stakeholders include the application owner, application users and other entities that rely on the application.

**Payout amounts vary according to the quantity of vulnerabilities or affected components, as well as the overall quality of the report.

How to Enroll

At this time, enrollment in our Bug Bounty Program is by invitation only. Invitation codes will be provided to security researchers and customers at various events throughout the year (e.g. Hackfest, NorthSec, etc.). If you have received your invitation code, email us (referencing your code) at security@devolutions.net. for enrollment instructions.

By registering for our Bug Bounty Program, you authorize us to communicate with you by email to respond to your submissions, requests and inquiries, and for other purposes related to the management of the program or your participation in the program in general.

Want to report a bug or learn more about the program?

Sysadminotaur Phil Contact the Security Team