Fortnox does not have a public bug bounty program. If you're looking for a reward for a security bug you might have found please contact our bug bounty platform provider Intigriti, https://intigriti.com.
All Fortnox domains and subdomains are from now off target (out of scope) for non-intigriti researchers and any active scanning or sniffing will be recognized as malicious.
We do encourage you to inform us about any security bugs you encounter through ordinary passive browsing. Please contact support for further information. These submissions are pro bono and you can not get any bug bounty reward.