The security of our products and services is top priority for us – so we naturally respect and appreciate the work of security experts in this area. You can also help us by identifying vulnerabilities so we can address them.
BMW Group is relaunching the Bug Bounty Program and will work with a new provider. There will be further changes in the composition of the program. These changes can be viewed on our program page at Intigriti. These pages will become available on April 3rd 2024.
In case you have found a vulnerability, please submit your report directly through our Bug Bounty program at Intigriti.
For web/application related security topics:
BMW Group Public Program: https://app.intigriti.com/programs/bmw/bmwgroup
For vehicle-related security topics:
BMW Group Automotive Program: https://app.intigriti.com/programs/bmw/bmwgroup-automotive
Notes on how to report vulnerabilities:
- Please refer to our policy on reporting and publishing vulnerabilities and our response times.
- Please submit your report in English or German, if possible.
- Please specify to which website or area you are referring (Asset) and which vulnerability type (Weakness) it is.
- In the case of a report that cannot be assigned to any of the listed assets, please select "Other Vulnerabilities" and note the information on potentially deviating regulations.
- So that we can understand your report quickly and efficiently, please include a proof of concept and a detailed description.
- Please give us time to develop and roll out countermeasures, before you make technical details public (Responsible Disclosure).