Join the Opera Bug Bounty program, find vulnerabilities in scope, tell us how you did it, and collect rewards. We pay up to $10K for confirmed high-value submissions.
Opera has two bug bounty programs operated by BugCrowd, one public and one private. The scopes do not overlap, and they cover nearly all of Opera’s public web surface, IP ranges, and products. Both programs’ scopes are divided into primary and secondary targets, with different bounty ranges. You can score up to $10K in both categories, in both programs.
How to sign up
Please read the scope of the program before you start any testing. There is a lot of important information that will help you understand Opera’s priorities and reward philosophy. Long story short, if you’re primarily after money, focus on the primary target group and high-severity vulnerabilities as per BugCrowd’s Vulnerability Rating Taxonomy.
Opera Android apps
Our Android applications are listed in the Google Play Security Rewards Program (GPSRP), and therefore are eligible for bounty by Google. As such, submissions related to one or more of our Android applications may also meet GPSRP criteria. Please report any vulnerabilities to us first through the public bug bounty program if the respective app is in scope, or by using this form if it’s not.
If you think the vulnerability is eligible for Google’s reward program, you can submit a report to Google once the vulnerability has been confirmed and fixed. Please read the rules listed on the GPSRP website for more information about Google’s reward program.
Reporting issues directly
If you don’t want to join our bug bounty programs, you can always report a finding to us directly. Note that you will not be paid anything for such submissions. However, you can be added to the Hall of Fame.