Security issue management
Invitation-only SAP Bug Bounty Program
See information about the invitational, including a list of participating products.
Report a security issue
SAP is continuously working on improving our security processes. Report a potential security issue using one of the options below.
We secure your business with strong infrastructure protection, continuous 24/7 monitoring, rapid incident response, and built-in disaster recovery. We enforce strict access controls, follow secure development practices, and maintain global certifications such as ISO 27001 and SOC reports. We provide transparency into policies, certifications, and monthly security patches through our Trust Center. While SAP protects the platform, customers manage user access and configuration under a shared responsibility model—working together to keep systems secure.
SAP customers
Report a customer security issue to find a solution and get real-time support from an expert.
Non-customers
Security researchers and other non-SAP customers can report any security vulnerability they discover in SAP products (whether on-premises or in the cloud) or on SAP-owned domains (such as the SAP Help Portal) to ensure responsible disclosure.
Security vulnerabilities that are reported will be acknowledged in our SAP Bug Bounty Program hall of fame.
Disclosure guidelines
Include the following details in the report, as applicable: issue category, affected product version with support package and patch level, necessary pre- and post-conditions for the exploit to work, description with proof of concept or exploit code, and impact of the issue if exploited.
Resources for SAP customers and partners
SAP customers and partners with a valid SAP user ID can visit My Trust Center, an area within SAP Support Portal that extends the public offering by granting access to SAP security policies, frameworks, subprocessors lists, and more.
SAP security notes
The SAP for Me portal is the central access point for customers and partners providing detailed information about their product portfolios including a list of all security notes.
SAP Security Patch Day
Fix vulnerabilities discovered in SAP products
Review notes from our monthly SAP Security Patch Day to learn about vulnerabilities discovered in SAP products and patches to protect your SAP landscape.
Acknowledging our security researchers
Learn about the security researchers who help us identify and solve vulnerabilities so that we can help maintain the safety of our customers and partners.