Intuit is committed to ensuring the security of our services and customer information. As part of this commitment, we encourage security researchers to contact us to report any potential weaknesses identified in any product, system, or asset belonging to Intuit. This program isn’t intended to represent a public bug bounty program and we make no offers of reward or compensation for submitting potential issues. We appreciate your commitment to improving Intuit services.
Security Researchers will disclose potential weaknesses in compliance with the following guidelines:
Do
Don't
Out-of-scope vulnerabilities
The following types of vulnerabilities are out of scope for this program:
All potential weaknesses submitted must include enough information to reproduce and validate the issue. Documentation should include a detailed summary of the issue, targets, steps performed, screenshots, tools utilized, and any information that will help Intuit during triage.
By following these guidelines and responsibly disclosing any security weaknesses directly to Intuit, we agree not to pursue legal action against you. Intuit reserves its legal rights in the event of noncompliance with program guidelines.
HackerOne Program
Intuit uses the HackerOne platform to manage the Responsible Disclosure Program. If you're a security researcher with a bug you'd like to report, visit https://hackerone.com/intuit_rdp. If you are unable to submit through HackerOne, or wish to remain anonymous, you can use the Responsible Disclosure Form. Submissions will be forwarded to HackerOne for triage, be sure to review the policy and scope prior to submitting.
Please be aware this program is only intended for the submission of potential security vulnerabilities. We are unable to reply to submissions outside the scope of this program. If you have an issue with your Intuit account, product or service, or have other questions or concerns, please contact security@intuit.com.
Privacy and security notice
Intuit is committed to leveraging technology in a way that provides you transparency on how we collect, process, and share personal information. In accordance with the terms of the Intuit Privacy Statement you understand and agree that, by providing us with an inquiry or a submission, we may collect certain information about you, your device, and your use of the Intuit Platform and sites.