bug bounty
What is the Bug Bounty Program?Bug Bounty program provides recognition and compensation to security researchers practising responsible disclosure. Company started Bug Bounty programs for improve their security, Cyber security researchers are finding vulnerabilities on top websites and get rewarded.

Recommended: 100+ Tools to be a pro hacker [FREE Download]

Reward Programs

  • AT&T – http://developer.att.com/developer/apiDetailPage.jsp?passedItemId=10700235
    (To submit you need to sign up to the free Developer API program)
  • Avast! – http://www.avast.com/bug-bounty
  • Barracuda – http://barracudalabs.com/
  • Coinbase – https://coinbase.com/whitehat
  • Chromium Project – http://www.chromium.org/
  • CrowdShield – https://crowdshield.com/
  • Cryptocat – https://crypto.cat/bughunt/
  • Facebook – http://www.facebook.com/whitehat/
  • Etsy – http://www.etsy.com/help/article/2463
  • Gallery – http://codex.gallery2.org/Bounties
  • Ghostscript – http://ghostscript.com/Bug_bounty_program.html (Mostly software development, occasional security issues)
  • Google – http://www.google.com/about/company/rewardprogram.html
  • Hex-Rays – http://www.hex-rays.com/bugbounty.shtml
  • IntegraXor (SCADA) – http://www.integraxor.com/blog/integraxor-hmi-scada-bug-bounty-program
  • LaunchKey – https://launchkey.com/docs/whitehat
  • Marktplaats – http://statisch.marktplaats.nl/help/
  • Mega.co.nz – http://thenextweb.com/insider/2013/02/01/kim-dotcom-puts-up-13500-bounty-for-first-person-to-break-megas-security-system/
  • Meraki – http://www.meraki.com/trust/#srp
  • Microsoft – http://www.microsoft.com/security/msrc/report
  • Mozilla – http://www.mozilla.org/security/bug-bounty.html
  • Paypal – https://www.paypal.com/us/webapps/mpp/security/reporting-security-issues
  • PikaPay – https://www.pikapay.com/pikapay-security-policy/
  • Piwik – http://piwik.org/security/
  • Ricebridge – http://www.ricebridge.com/bugs.htm (Only available to customers)
  • Ripple – https://ripple.com/bug-bounty/
  • Samsung – https://samsungtvbounty.com/
  • Simple – https://www.simple.com/policies/website-security/
  • Tarsnap – https://www.tarsnap.com/bugbounty.html
  • Qiwi – https://www.qiwi.ru/page/hack.action
  • Qmail – http://cr.yp.to/djbdns/guarantee.html
  • Yandex – http://company.yandex.com/security/index.xml
  • Zerobrane – http://notebook.kulchenko.com/zerobrane/zerobrane-studio-bug-bounty

Product & Services (Hall Of Fame Only)

  • Acquia – https://www.acquia.com/how-report-security-issue
  • ActiveProspect – http://activeprospect.com/activeprospect-security/
  • Adobe – http://www.adobe.com/support/security/alertus.html
  • Amazon.com (retail) – please email details to [email protected]
  • Android Free Apps – http://www.androidfreeapp.net/security-researcher-acknowledgments/
  • Apple – http://support.apple.com/kb/HT1318
  • Blackberry – http://us.blackberry.com/business/topics/security/incident-response-team/collaborations.html
  • Braintree – https://www.braintreepayments.com/developers/disclosure
  • Card – https://www.card.com/responsible-disclosure-policy
  • cPaperless – http://www.cpaperless.com/securitystatement.aspx
  • Chargify – https://chargify.com/security/
  • DiMartino Entertainment – http://moosikay.dimartinoentertainment.com/site/credits/
  • eBay – http://pages.ebay.com/securitycenter
  • EVE – http://community.eveonline.com/devblog.asp?a=blog&nbid=2384
  • Evernote – http://evernote.com/security/
  • Foursquare – https://foursquare.com/about/security
  • Freelancer – http://www.freelancer.com/info/vulnerability-submission.php
  • Future Of Enforcement – http://futureofenforcement.com/?page_id=695
  • Gitlab – http://blog.gitlab.com/responsible-disclosure-policy/
  • Gliph – https://gli.ph/s/security.html
  • HakSecurity – http://haksecurity.com/special-thanks/
  • Harmony – http://get.harmonyapp.com/security/
  • Heroku – https://www.heroku.com/policy/security-hall-of-fame
  • Iconfinder – http://support.iconfinder.com/customer/portal/articles/1217282-responsible-disclosure-of-security-vulnerabilities
  • Kaneva – http://docs.kaneva.com/mediawiki/index.php/Bug_Bounty
  • Kayako – https://my.kayako.com/
  • Lastpass – https://lastpass.com/support_security.php
  • Mahara – https://wiki.mahara.org/index.php
  • MailChimp – http://mailchimp.com/about/security-response/
  • Microsoft (Online Services) – http://technet.microsoft.com/en-us/security/cc308589
  • Netflix – http://support.netflix.com/en/node/6657#gsc.tab=0
  • Nokia – http://www.nokia.com/global/security/acknowledgements/
  • Nokia Siemens Networks – http://www.nokiasiemensnetworks.com/about-us/responsible-disclosure
  • Norada – http://norada.com/crm-software/security_response
  • Owncloud – http://owncloud.org/about/security/hall-of-fame/
  • Opera – https://bugs.opera.com/wizarddesktop/
  • Oracle – http://:oracle.com/technetwork/topics/security
  • Puppet Labs – https://puppetlabs.com/security/acknowledgments/
  • RedHat – https://access.redhat.com/knowledge/articles/66234
  • Risk.io – https://www.risk.io/security
  • Security Net – http://www.securitynet.org/security-researcher-acknoledgments/
  • Sellfy – https://sellfy.com/security/
  • Spotify – https://www.spotify.com/us/about-us/contact/report-security-issues/
  • Sprout Social – http://sproutsocial.com/responsible-disclosure-policy
  • Telekom – http://www.telekom.com/corporate-responsibility/security/186450
  • Thingomatic – http://thingomatic.org/security.html
  • 37signals – https://37signals.com/security-response
  • Tuenti – http://corporate.tuenti.com/en/dev/hall-of-fame
  • Twilio – https://www.twilio.com/docs/security/disclosure
  • Twitter – https://twitter.com/about/security
  • WizeHive – http://www.wizehive.com/special_thanks.html
  • Xmarks – https://buy.xmarks.com/security.php
  • Zendesk – http://www.zendesk.com/company/responsible-disclosure-policy
  • Zynga – http://company.zynga.com/security/whitehats

Product & Services (No Reward)

  • Amazon Web Services (AWS) – http://aws.amazon.com/security/vulnerability-reporting
  • Apriva – http://www.apriva.com/security
  • Authy – https://www.authy.com/security-issue
  • Blackboard – http://www.blackboard.com/footer/security-policy.aspx
  • Box – https://www.box.com/about-us/security/
  • Cisco – http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
  • Cloudnetz – http://cloudnetz.com/Legal/vulnerability-testing-policy.html
  • Contant Contact – http://www.constantcontact.com/about-constant-contact/security/report-vulnerability.jsp
  • Coupa – http://trust.coupa.com/home/security/coupa-vulnerability-reporting-policy
  • Drupal – https://drupal.org/security-team
  • EMC2 – http://www.emc.com/contact-us/contact/product-security-response-center.htm
  • Emptrust – http://www.emptrust.com/Security.aspx
  • Heroku – https://www.heroku.com/policy/security-hall-of-fame
  • HTC – http://www.htc.com/us/terms/product-security/
  • Huawei – http://www.huawei.com/en/security/psirt/report-vulnerabilities/index.htm
  • IBM – http://www-03.ibm.com/security/secure-engineering/report.html
  • KPN – http://www.kpn.com/Privacy.htm#tabcontent3
  • Lievensberg Hospital – http://www.lievensbergziekenhuis.nl/paginas/141-disclaimer.html
  • LinkedIn – http://help.linkedin.com/app/answers/detail/a_id/37022
  • Lookout – https://www.lookout.com/responsible-disclosure
  • Millsap Independent School District – http://www.millsapisd.net/BugReport.cfm
  • Modus CSR – http://www.moduscsr.com/security_statement.php
  • PagerDuty – http://www.pagerduty.com/security/disclosure/
  • Panzura – http://panzura.com/support/panzura-security-policy/
  • Pidgin – http://pidgin.im/security/
  • Plone – http://plone.org/products/plone/security/advisories
  • Pop Group – http://www.popgroupglobal.com/security.php
  • Reddit – http://code.reddit.com/wiki/help/whitehat
  • Relaso – http://relaso.com/disclosure
  • Salesforce – http://www.salesforce.com/company/privacy/security.jsp#vulnerability
  • Simplify – http://simplify-llc.com/simplify-security.html
  • Skoodat – http://www.skoodat.com/security
  • Scorpion Software – http://www.scorpionsoft.com/company/disclosurepolicy/
  • Square – https://squareup.com/security/levels
  • Symantec – http://www.symantec.com/security/
  • Team Unify – http://www.teamunify.com/__corp__/security.php
  • Tele2 – http://www.tele2.nl/klantenservice/veiligheid/tele2-en-veiligheid.html
  • T-Mobile (Netherlands) – http://www.t-mobile.nl/Global/media/pdf/privacy_statement_juni_2012.pdf
  • UPC – http://www.upc.nl/internet/veilig_internet/beveiligingsproblemen/
  • Viadeo – http://www.viadeo.com/aide/security/
  • Vodafone (Netherlands) – http://over.vodafone.nl/vodafone-nederland/privacy-veiligheid/beveiliging-en-bescherming/wat-doet-vodafone/meld-een-beveilig
  • VSR – http://www.vsecurity.com/company/disclosure
  • X.commerce – http://www.x.com/security
  • Xen – http://www.xen.org/projects/security_vulnerability_process.html
  • Ziggo – https://www.ziggo.nl/#klantenservice/internet/risicos-op-internet/meldpunt-beveiligingslekken

See Also: 90 Ebooks To Learn Hacking [FREE DOWNLOAD]

Meanwhile, Check Out All These Lists about Hacking Tutorials and Tools.

If, you know of any bug bounty programs going on and hasn’t been featured on this list, let us know in the comments, we will add it to the post.

1 COMMENT

LEAVE A REPLY

Please enter your comment!
Please enter your name here


CAPTCHA Image
Reload Image