The Avast bug bounty program

The Avast bug bounty program was designed to reward security researchers for finding issues in our software.

How to report a bug and qualify for the bounty:

  • Please submit bugs to email address It is recommended to encrypt your email - here's our PGP key.
  • A good bug report needs to contain sufficient information to reliably reproduce the bug on our side. Please include all information that may be relevant – your exact environment, detailed bug description, sample code (if applicable) etc. It also needs to contain a decent analysis – this is a program designed for security researchers and software developers and we expect certain quality level.
  • You will receive a response from an Avast team member acknowledging receipt of your email, typically within 24 hrs. If you do not receive a response, please do not assume we’re ignoring you – we will do our best to follow up with you asap. Also, in such a case it is possible your email didn’t make it through a spam filter - so resending it may be a good idea in this case.

Basic Rules