IKEA Responsible Disclosure Program Rules

Internet facing solutions are always at risk of attack. Vulnerabilities are found and exploited.

A part from SDLC, IKEA uses various vulnerability scanning and penetration testing methods to find and fix security vulnerabilities in our solutions.

IKEA recognizes the need to approach the cybersecurity community in order to protect customer data and work together to have more secure solutions and applications, and this Responsible Disclosure Program adds an extra layer to our IT security testing, where individuals, developers and experts (a.k.a. researchers) can find and report security related bugs in the software - before someone else does.

It's time for bugs to bug off :)

Terms and Conditions

In order to adhere to the terms in this Responsible Disclosure Policy, you're prohibited from:

Responsible Disclosure for IKEA.com

× IKEA would like to thank everyone for spending their time on reporting vulnerabilities to us. Since Responsible Disclosure is a new concept to IKEA, we are currently working hard in order to establish clear guidelines and become more mature in our ways of working. We thank you for your understanding and patience during this time.

You are welcome to report all vulnerabilities you find connected to the IKEA IT solutions. In general, IKEA does not pay bounties for vulnerabilities reported within the Responsible Disclosure Program. However, a committee will evaluate in a monthly basis each submission of severity high and critical and might pay a reward depending on the business impact of the finding.

To make clear what IKEA considers most important, the following solutions are what we would like you to focus on:

Solutions in scope:

Please note that the scope that is eligible for bounties may change at any given time.

Vulnerabilities accepted:

Out of scope for all solutions:

Please submit your findings here: Responsible Disclosure Platform

Responsible Disclosure for IKEA Trådfri

In future, IKEA will launch a new program separately for reporting vulnerabilities connected to the Trådfri range. As soon as this new program is launched, the link and additional information will be published here.