Twilio’s Bug Bounty Program: Celebrating 10 years of Bug Bounty

Twilio’s Bug Bounty Program: Celebrating 10 years of Bug Bounty

Twilio has grown a lot in the past five years, including our Bug Bounty program. We have benefited from partnering closely with talented researchers from around the world, who have built a community to help protect Twilio and our customers. This year, we bring you an updated brief to better serve our researchers, customers, and Twilions!

Twilio’s Bug Bounty: highlights and achievements

We've had a Bug Bounty for ten years and have learned quite a bit about running a good program. We're excited to highlight our progress and share some of our Bug Bounty statistics from the last decade.

Some highlights to call out:

• In-scope mergers and acquisitions (M&As) are all under one Twilio program.
• Increased some payouts to eliminate gaps between pay ranges.
• Refreshed our scope and clarified language.
• Introduced a new submission template.
• Merged account requirements into one section.
• Removed out-of-date quarterly focus areas. Be on the lookout for future announcements!

To celebrate our 10 year achievement, we want to share some numbers:

• ~2.5k number of unique researchers¹
• 10k+ total lifetime submissions² (over 500 in 2024³)
• 3.34 Days faster than industry average on days to accept submissions⁴

Additionally, we just launched Twilio’s new Vulnerability Disclosure program at https://www.twilio.com/en-us/security/vulnerability-disclosure-program . Our Vulnerability Disclosure Program is open to all—whether you're a customer, professional security researcher (who does not meet the Bug Bounty Program requirements), or someone who has discovered a potential issue. While this program doesn't offer monetary rewards, your contribution is invaluable to us.

A huge “THANK YOU!” to YOU, our researcher community!

Thank you to all the researchers who have collaborated with us to improve Twilio’s security. We appreciate your dedication and patience as we continue to make improvements to our program. Your hard work has not gone unnoticed, and we hope to continue to grow our partnership in the future.

Special thanks to our top 3 researchers through the years:

https://bugcrowd.com/danieloizo

https://bugcrowd.com/m0chan

https://bugcrowd.com/miky

As we continue to mature through 2025, keep an eye on our program for additional updates. We’ll continue our own improvements internally by reducing triage time and increasing internal education opportunities.

¹ Bugcrowd Twilio Summary Report, data pulled Jan 27 2025
² Bugcrowd Twilio Summary Report, data pulled Jan 27 2025
³ Bugcrowd Twilio Insights Overview Jan 1 - Dec 31 2024, data pulled Jan 27 2025
⁴ Bugcrowd Twilio Industry Comparison Report, data pulled Jan 9 2025