The security of our products and services is a top priority for the BMW Group. That is why we expressly appreciate and respect the work of security experts. Help us identify potential vulnerabilities so that we can fix them as quickly as possible.
For this purpose, the BMW Group operates a bug bounty program, which allows you to report vulnerabilities affecting the BMW Group or one of its brands. For more information, please see the respective program details.
For web/application related security topics:
BMW Group Public Program: https://app.intigriti.com/programs/bmw/bmwgroup
For vehicle-related security topics:
BMW Group Automotive Program: https://app.intigriti.com/programs/bmw/bmwgroup-automotive
Tips for reporting vulnerabilities:
- External reporters are asked to report vulnerabilities exclusively via the bug bounty program.
- Vulnerabilities that are reported to us via other channels are expressly excluded from a bounty.
- We ask internal reporters to use the internal contact options provided for this purpose.