Bug Bounty

Welcome to the Opera Bug Bounty information page. We are passionate about the security and privacy of our users. Therefore, we do our best to improve and uphold the security of our products and services. In particular, we are happy to work and collaborate with you on security issues. Essentially, we believe that knowledge comes from many different sources, and we consider your help to be a valuable addition to our security approach.

Section overview

In case you already know what you are looking for, you can go directly there by following the links. Or feel free to read our introduction.

Introduction

We would like to invite you to participate in our private Bug Bounty Program on BugCrowd, where you can contribute to our security process ethically and to the mutual benefit of all parties.

By joining our Program, you get the opportunity to work with one of the world’s top browsers. You will get to contribute to the security community as a whole, and earn some rewards in the process.
We value any submissions of valid reports, as well as any new and innovative reports. We believe you can help us mitigate not only the most obvious attacks, but also the most obscure.

If you want to contribute to the security of Opera products and be eligible for bounties, please see instructions below on how to join our private Bug Bounty Program.

In case you just want to report a bug you have found without participating in our Bug Bounty Program, or if your bug is out of scope, please see instructions for how to submit other security reports.

CNA membership

As of December 2019, we joined the MITRE CVE program as a member of the CNA. We are now able to evaluate the submitted vulnerabilities against a range of criteria and assign CVE where appropriate.

Please read our blog post on becoming a part of the CNA program to learn more about our CNA membership.

How to join the Opera Bug Bounty Program?

Opera has a private Bug Bounty Program hosted in BugCrowd. We invite researchers and ethical hackers from across the world to participate and contribute to the improvement of Opera products.

To join our private Bug Bounty Program, you first and foremost need to be passionate and willing to make Opera products more secure.

Secondly, you need to have an account in BugCrowd which meets our program requirements.

To join the program, submit a request through this form with your BugCrowd nickname. This allows us to verify that you meet the program criteria.

Please note that only assets listed explicitly as being in scope and reported through BugCrowd will be eligible for a bounty!

Other security reports (or “Out-of-Scope” reports)

If you have found a bug or vulnerability that is out of scope for our private Bug Bounty Program or you are not eligible to participate in the Program, you can still submit your report directly to us.

To submit an Out-of-Scope report, please fill in this form with the appropriate details. Please note that a bounty for such submissions is solely at our discretion and will be handled individually, case by case.

Keep in mind that bugs that are inherited from Chromium should be reported to the Chromium Project.
We also do not accept bugs in versions of Opera that are no longer supported.

Our Android Apps

All our Android applications are listed on Google Play Security Rewards Program (GPSRP). They are eligible for bounty by Google. As such, submissions related to one or more of our Android applications may meet GPSRP criteria.

Please report any vulnerabilities to us first through this form.

If you think your vulnerability is eligible for Google’s own reward program, you can submit the report to Google once the vulnerability has been confirmed and fixed. Please see the rules listed on the GPSRP website for more information about Google’s reward program.

Please note that all bounties from the GPSRP are at Google’s discretion, and will not be handled by us.

Contact us!

If you have any questions about our Bug Bounty program, submitting Out-of-Scope issues to us or some other security related inquiry, please contact us through our designated inquiry portal. We look forward to hearing from you!