Intuit is committed to ensuring the security of our services and customer information. As part of this commitment, we encourage security researchers to contact us to report any potential weaknesses identified in any product, system, or asset belonging to Intuit. This program isn’t intended to represent a public bug bounty program and we make no offers of reward or compensation for submitting potential issues. We appreciate your commitment to improving Intuit services.
Security Researchers will disclose potential weaknesses in compliance with the following guidelines:
The following types of vulnerabilities are out of scope for this program:
All potential weaknesses submitted must include enough information to reproduce and validate the issue. Documentation should include a detailed summary of the issue, targets, steps performed, screenshots, tools utilized, and any information that will help Intuit during triage.
By following these guidelines and responsibly disclosing any security weaknesses directly to Intuit, we agree not to pursue legal action against you. Intuit reserves its legal rights in the event of noncompliance with program guidelines.
Intuit will review and promptly acknowledge any submitted issue within three business days of submission through its web form, found here: Responsible Disclosure Form
You may also submit any inquiries or submissions via firstname.lastname@example.org
Intuit also uses the HackerOne platform to conduct a private bug bounty program. If you’re a security researcher with a bug you’d like to report, log in to your HackerOne account to get started.
Privacy and security notice
Intuit is committed to leveraging technology in a way that provides you transparency on how we collect, process, and share personal information. In accordance with the terms of the Intuit Privacy Statement you understand and agree that, by providing us with an inquiry or a submission, we may collect certain information about you, your device, and your use of the Intuit Platform and sites.