PolarSSL is now part of ARM Official announcement and rebranded as mbed TLS.

Bug bounty programs

Bounty programs

We believe in the power of the security researcher community to keep our user's information and our mbed TLS code secure. We offer a bug-bounty program for our C library. The program for the website has been suspended for now.

Program 1: mbed TLS C library


For our C library, security from remote exploits is very important! So we really like to hear from you if you find any serious vulnerabilities in our code. So we started our C library bug bounty program to be able to give something back for the effort!

Who can join?

Anybody can join! In general we are contacted by the following types of people:

  • (Senior) Software Developers
  • Whitehat security researchers
  • Static analysis teams

Program 2: mbed TLS website (suspended)