Portal Portal Forum Forum Devolutions Force Devolutions Force Hub Business Hub Business Hub Personal Hub Personal Devolutions Send Devolutions Send Devolutions Academy Devolutions Academy Download RDM RDM Workspace Workspace Launcher Launcher
Boost productivity, decrease costs, and increase security with a centralized platform where you can manage a wide range of remote connections and tools.
Improve your security strategy without reducing productivity by using a password management solution.
Diminish the risk of insider threats and cyberattacks while providing audit and compliance requirements for your team.
Establish a secure entry point for internal or external segmented networks that require authorized just-in-time (JIT) access.
Solutions
Starter pack
All-in-one IT security toolbox for small teams.
Explore all solution packages
Quick overview
Products
The best remote connection manager in the industry
Privileged access manager built for IT professionals
Mobile, desktop application & browser extension
Remote connection launching tool
Secure remote access management — no VPN required
We believe in making powerful tools accessible to everyone
Data Sources
Companion Tools
Resources
Your FREE go-to hub for mastering Devolutions' suite of products and services.
The Devolutions Forum is the place to go to connect with your peers and the Devolutions team.
Get answers to product specifications, settings and more on our documentation.
Stay up to date with our weekly articles on our blog, the toolbox for your IT success.
Use cases Success stories Reports & white papers Glossary (IT and security)
Contact Send message
Send message
 Call me
Call me
 Technical support Sales Contact information
About Us Devolutions Timeline Lifestyle
Careers Welcome Available positions Spontaneous application
Newsroom Press releases Newsletters In the news
Media Devolutions logos Wallpapers
Security & Compliance Report a security issue Advisories Trust Center Legal & privacy
Bug bounty icon

Reporting a Security Issue

Advisories Reporting a Security issue Trust Center

Devolutions Inc. is dedicated to performing exceptional due diligence when developing and delivering solutions, in order to prevent and mitigate threats that may have a negative impact upon our customers' data, and upon our ability to provide safe, reliable, and compliant products and services. To achieve this critical objective, we employ industry-leading frameworks, standards, controls, processes, and best practices, including our private Bug Bounty Program.

About the program

Transparency is a core fundamental value at Devolutions, as it fosters healthy relationships, establishes trust, and promotes a culture of openness, improvement and innovation. Our bug bounty program, which is hosted on YesWeHack.com, encourages researchers to try to “attack and break” our products, so that we can proactively fortify vulnerabilities and fix coding/programming errors.

Please note enrollment in our bug bounty program is currently by invitation only via YesWeHack.com.
To request an invitation, please contact us at security@devolutions.net.

Responsible disclosure

We continuously encourage researchers and customers to report identified vulnerabilities. To better protect our customers, reports remain confidential until vulnerabilities have been confirmed, resolved and released into production by Devolutions. We strive to do our best to address vulnerabilities within a reasonable and industry-acceptable timeframe.

Reporting a security issue

While we do take care of the security of our products, the fast-changing nature and complexity of security may inadvertently expose our software or supporting infrastructure to vulnerabilities. If you identify such a vulnerability, please send us your report in a timely manner through our YesWeHack program. The report should include the following items:

  • Proof-of-concept code and relevant screenshots to help us confirm and reproduce findings.
  • Justification of how the impacts may affect our organization and/or customers if exploited.
  • Proposed fix, if possible and applicable.

Once submitted, allow us a reasonable time frame to provide some feedback. Our security team must:

  • Reproduce and confirm the vulnerability as described in your report.
  • Establish a severity score according to CVSS 3.1.
  • Consider the recommendations from your report and build an action plan with relevant teams.
  • Maintain communication with the reporter until the case is resolved.

We kindly ask to maintain the report and its content confidential until the appropriate corrective measures are released in production. Please also note that exploiting a reported vulnerability abusively or for illegal, malicious or other inappropriate purposes may result in legal prosecutions against the reporter, which could lead to civil or criminal liability. An action is considered abusive or inappropriate when its purpose compromises customer-related or internal confidential information in an undue or disproportionate manner, or when such an action has some other aim than the demonstration of a vulnerability.

Sysadmin Gift

Rewards

Researchers are rewarded for reported vulnerabilities* in three important ways:

1

Once a vulnerability is fixed and a patch is released to production, researchers can publicize their discovery and contribution on their blog/social media pages. Doing this elevates their profile and standing in the IT & IT security communities and may support career advancement goals.

2

We offer financial rewards** based on the severity of each reported vulnerability using the CVSS 3.1 standard. For high-risk issues (e.g. exploitable high/critical), researchers can earn up to $5,000.00 per issue (USD).

3

From time to time, we may also provide participating researchers with Devolutions-branded merchandise.

*A vulnerability is a hole or a weakness in the application, which can be a design flaw or an implementation bug, that allows an attacker to cause harm to the stakeholders of an application. Stakeholders include the application owner, application users and other entities that rely on the application.

**Payout amounts vary according to the quantity of vulnerabilities or affected components, as well as the overall quality of the report.

How to enroll

At this time, enrollment in our bug bounty program is by invitation only. Invitation codes will be provided to security researchers and customers at various events throughout the year (e.g. Hackfest, NorthSec, etc.). If you have received your invitation code, email us (referencing your code) at security@devolutions.net. for enrollment instructions.

By registering for our bug bounty program, you authorize us to communicate with you by email to respond to your submissions, requests and inquiries, and for other purposes related to the management of the program or your participation in the program in general.

Want to join or learn more about the program?

Contact the security team to join Devolutions’ closed bug bounty program!

Phil presenting
Contact the Security Team
ENGLISH FRANÇAIS DEUTSCH
CONTACT US

Helping organizations control the IT chaos by providing highly-secure password, remote connection and privileged access management solutions.

DEVOLUTIONS

Legal & privacy | infos@devolutions.net

All rights reserved © 2025 Devolutions