Zapier has enabled threat detection software and enforces continual threat modelling exercises to identify and plan for any vulnerabilities in our environment.
Zapier undergoes an external penetration test by an independent third party on an annual cadence, at minimum.
Zapier’s Security Exploit Bug Bounty Program acknowledges the work independent security researchers do by flagging vulnerabilities Zapier might not be aware of, with a discretionary reward system. There’s no maximum amount: Zapier looks at each vulnerability on a case-by-case basis.
Three key points to keep in mind if you find something to report:
- Please let Zapier know as soon as possible.
- Don’t test against Zapier users’ private data.
- Zapier welcomes the opportunity to work together with you and close the vulnerability before it is revealed to others.