The integrity and security of our systems and users is very important to TripAdvisor. This is why we developed a public program that enables users to submit issues from the TripAdvisor livesite. If you find a vulnerability on our site, we definitely wish to know all about it!
We ask that you:
- Report vulnerabilities through our disclosure form by clicking here.
- Report vulnerabilities expediently, to reduce the risk of malicious actors finding and exploiting them.
- Report vulnerabilities with sufficient detail so that we may reproduce them.
On the other hand, we ask that you please do not do the following:
- Do not disclose vulnerabilities to others. TripAdvisor follows a strict non-disclosure policy.
- Do not exploit vulnerabilities any further than necessary than to prove its existence.
- Do not alter or destroy data belonging to legitimate users of the site.
If we believe your report to be valid and require further detail, we may contact you using the email address that you may have shared in the form. If you already have an account on BugCrowd under that email, we will be able to communicate and work together on that platform.