Bug Bounty Programs in 2019

Posted on by Damien
A list of current bug bounty programs in 2019 to help easily identify security conscious-companies and make money submitting reports.

Bug bounty programs have become a solid staple to help turn hackers and computer security researchers away from any black hat activity while still providing an income avenue.

It makes the web and systems more secure as a whole, by effectively opening up red team work to anyone who can get the work done.

Some companies are not particularly pleased when a critical system is breached, so it’s important to know which companies are offering bounties open to everyone or only established researchers (normally through invite programs).

Responsible disclosure agreements ensure the company with the bug bounty program in place is protected, without hurting the lucky analyst’s bank account in any way.

There are multiple programs out there, and it’s difficult to keep track with such a large and dynamic list. We’ve taken the time here at Security Zap to provide a roundup of the publicly available bug bounty programs currently on offer.

Time to roll up the sleeves and hunt some bugs.

Name of the programBug Bounty Program UrlRewards
Avirahttps://bugcrowd.com/avira$100 ? $2,500 per vulnerability
Alvosechttps://firebounty.com/bug-bounty-program/766/alvosecMinimum reward $5
Aspenhttps://firebounty.com/bug-bounty-program/853/aspenAt this time, we are not awarding bounties or cash rewards for reported vulnerabilities.
AlienVaulthttps://firebounty.com/bug-bounty-program/869/alienvault/
Ardourhttps://ardour.org/support_expectations.html/
Aerohivehttps://www.aerohive.com/support/security-center//
ActiveCampaignhttps://www.activecampaign.com/security/bounty//
Abacushttps://bugcrowd.com/abacusPoints per vulnerability.
Abn Amrohttps://hackerone.com/abnamroYou might get a reword based on the issue you report
Admiralhttps://hackerone.com/getadmiralAdmiral will determine in its own discretion whether a reward should be granted and the amount of the reward
AligeBitshttps://hackerone.com/agilebits/
Algoliahttps://hackerone.com/algoliaMinimum reward is $100 for security vulnerabilities
Alibabahttps://hackerone.com/alibaba/
Aliexpresshttps://hackerone.com/aliexpress/
Androidhttps://hackerone.com/androidAndroid provides rewards depending on the issue that is found, public recognition is included as well. Te reward is from $330 to $200,000 vulnerabilities
Apache httpdhttps://hackerone.com/ibb-apacheThe rewrads go from $100-$3000 depending on the vulnerabilities
Aptiblehttps://hackerone.com/aptibleAptible awards security researchers cash and prizes for reporting vulnerabilities. You can send them an email
Artsyhttps://hackerone.com/artsyTipical reward is from $25. Some more severe issues can be $100. The maximum amount for any issue that the bug bounty program pays for single issue is of $250.
Asanahttps://hackerone.com/asanaOnly 1 bounty will be awarded per vulnerability. Asana have no minimum/maximum amount; rewards are based on severity, impact, and report quality.
AT&Thttps://hackerone.com/attThe bounties range from $100 to $5,000 depending on the ranking of the Bug or Bug Reporter.
BlaBlaCarhttps://firebounty.com/bug-bounty-program/897/blablacar$50 reward
Avast!https://hackerone.com/avastYou can submit bugs by email. The base payment is $400 per bug. Depending on the criticality of the bug (as well as its neatness) the bounty goes much higher (each bug is judged independently by a panel of Avast experts). Remote code execution bugs pay at least $6,000 ? $10,000 or more.
Blendhttps://firebounty.com/bug-bounty-program/776/blend$100 reward
Buildkitehttps://firebounty.com/bug-bounty-program/787/buildkiteThe rewards go from $50-$1000
Big Monoclehttps://firebounty.com/bug-bounty-program/826/big-monocle/
Badoohttps://hackerone.com/badooVulnerabilities will be ranked from category 5 (œ1000) to category 1 (œ100), depending on their severity. The Badoo jury determines the severity of the vulnerability.
Barracuda Networkshttps://hackerone.com/barracudaPoints per vulnerability
Belastingdiensthttps://hackerone.com/belastingdienst/
Bimehttps://www.bimeanalytics.com/The bounty goes from $50 to $1000
Binaryhttps://hackerone.com/binaryBounty from $10-$1000
Bitcoin dehttps://hackerone.com/bitcoin_deThe rate depends on the size and relevance of the safety leaks.
Bitdefenderhttps://hackerone.com/bitdefenderYou can submit vulnerabilities by email. There si no fixed reward, the minimum is from $100
Bitnethttps://hackerone.com/bitnet/
Blackphonehttps://hackerone.com/blackphoneThe standard reward is $128.00 USD. eward amounts may vary depending upon the severity of the vulnerability reported.
Blockstackhttps://hackerone.com/blockstackThe reward goes from $25-$600
Bloggerhttps://hackerone.com/bloggerThis application is covered under the Google Vulnerability Reward Program. The reward depnds from category.Rewards for qualifying bugs range from $100 to $31,337
Bookinghttps://hackerone.com/bookingcom/
Brave Softwarehttps://hackerone.com/brave/
BrickFTPhttps://hackerone.com/brickftpBrickFTP pays from $100 to $5,000 forsignificant security vulnerability .
Bugcrowdhttps://hackerone.com/bugcrowdRewards go from $0 dollars if you submit a problem that is in P5 level and up to $10 000 for a vulnerabilitie that is in P1 level.
Bugifyhttps://hackerone.com/bugifyOnly 1 bounty will be awarded per vulnerability. No minimum/maximum amount; rewards are based on severity, impact, and report quality.
Bumblehttps://hackerone.com/bumbleVulnerabilities will be ranked from category 5 (œ1000) to category 1 (œ100), depending on their severity.
BuzzFeedhttps://hackerone.com/buzzfeedBuzzFeed, at its sole discretion, may provide rewards to researchers for confirmed and resolved qualifying vulnerability reports.
CCM Benchmark Grouphttps://firebounty.com/bug-bounty-program/845/ccm-benchmark-groupMinimum, by a 50? and Hall of fame recognition
Crowdstrikehttps://firebounty.com/bug-bounty-program/875/crowdstrikeThe rewards go from $250-$3000
Cupcakehttps://cupcake.io/security/
CARDhttps://hackerone.com/card$50 ? $500 per vulnerability
Chegghttps://hackerone.com/cheggThere is no information about this bug bounty program
ChinaNetCloudhttps://hackerone.com/chinanetcloudYou can submit a report on their email address. There is no information about bounty reward
Chromehttps://hackerone.com/chromiumRewards for qualifying bugs typically range from $500 to $100,000.
Cobalthttps://hackerone.com/cobalt/
Cobinhoodhttps://hackerone.com/cobinhoodThe price goes from $100-$4000
Coinbasehttps://hackerone.com/coinbaseThe price goes from $100-$50 000
CoinJarhttps://hackerone.com/coinjarCoinJar rewards one bounty per bug in Bitcoin
Coinkitehttps://hackerone.com/coinkite/
Contentfulhttps://hackerone.com/contentfulThe vulnerabilities reported on all the other parts of the Contentful platform are currently not eligible for monetary reward. High-impact vulnerabilities outside of this scope might be considered on a case by case basis.
cPanelhttps://hackerone.com/cpanelMoney and public recognition
Cryptocathttps://hackerone.com/cryptocatCopycat rewards include money, stickers and t-shirts and mention on Wall of Unquestionable Greatness!
Duolingohttps://firebounty.com/bug-bounty-program/846/duolingo/
Deconfhttps://hackerone.com/deconf_comAt this time, we are not awarding bounties or cash rewards for reported vulnerabilities
Dashlanehttps://hackerone.com/dashlaneMinimum reward is $100 USD, but reward amounts may vary depending upon the severity of the vulnerability reported
Data Processing (IBB)https://hackerone.com/ibb-data/
De Nederlandsche Bankhttps://hackerone.com/dnb_nl/
de Volksbankhttps://hackerone.com/devolksbank/
Deliveroohttps://hackerone.com/deliverooRewards go from $150-$2500
Deutsche Telekomhttps://hackerone.com/deutschetelekomThere are several condition that needs to be followed to get a reward.
DIRECTVhttps://hackerone.com/directvThe bounties range from $250 to a potential maximum award of $20,000
Discoursehttps://hackerone.com/discourseThe rewards go from $128-$512+
Djangohttps://hackerone.com/djangoBounty amounts are based on severity and will range from $250 to $3,000 USD.
Dropboxhttps://hackerone.com/dropboxThe rewards go from $12,167-$32,768
DuckDuckGohttps://hackerone.com/duckduckgo/
Dysonhttps://www.dyson.com/en.htmlDyson doesn't pay for reports outside of Bug Bounty programme.
Ecromhttps://bountyfactory.io/ercom/cryptobox-bug-bounty
Electroneumhttps://hackerone.com/electroneumRewards go from $100-$1000
Electronic Frontier Foundationhttps://hackerone.com/effNon-cash rewards
Eobothttps://hackerone.com/eobotcomThe rewards go from $10 (Minimum bounty)
Ethereumhttps://hackerone.com/ethereumThe rewrads are ranged by points. One point corresponds to 1USD. The points goe from 500 to 25 000
Etsyhttps://hackerone.com/etsyThe rewards go from$100-$1500 and you get to be on their hall of fame
FormAssemblyhttps://firebounty.com/bug-bounty-program/765/formassembly/
F-Securehttps://hackerone.com/fsecureThe rewards go from $500-$15000
F. Hoffmann-La Roche Ltd.https://hackerone.com/roche/
Facebookhttps://hackerone.com/facebookThe minimum reward is $500.
FlexiSPYhttps://hackerone.com/flexispyltdRewards range from $100???$5,000
Fox-IThttps://hackerone.com/foxitMinimum of a ?50 voucher.
Ghostscripthttps://hackerone.com/ghostscriptAccepted fixes for bugs at P1 and P2 pay a bounty of US$1000 each. Bugs at lower priorities and 'normal' importance pay US$500 per bug. Bugs designated with 'trivial' or 'minor' importance pay a negotiated amount, typically US$100 per bug.
GitHubhttps://hackerone.com/githubRewards range from $200 up to $10000
GlassWirehttps://hackerone.com/glasswireGlassWire offers rewards for bugs but the amount is not speicified
GoDaddyhttps://hackerone.com/godaddy/
Googlehttps://hackerone.com/googleRewards for qualifying bugs range from $100 to $31,337
Google Play Security Reward Programhttps://developer.android.com/distribute/The rewards go from $1000-$5000.
Grabtaxi Holdings Pte Ltdhttps://hackerone.com/grabThe rewards go from $200-$10 000
Greenhouse iohttps://hackerone.com/greenhouseThe rewards go from $100-$1000
Homebrewhttps://firebounty.com/bug-bounty-program/794/homebrew
HackerOnehttps://hackerone.com/securityThe rewards go from $500-$15000
Harvesthttps://hackerone.com/harvest$100 minimum bounty
HelloSignhttps://hackerone.com/hellosignYou can report an issue by email
Herokuhttps://hackerone.com/heroku$100 ? $1,500 per vulnerability
Highrise HQhttps://hackerone.com/highrise_hq/
HireVuehttps://hackerone.com/hirevueReward amounts will vary based upon the severity of the reported vulnerability, and eligibility is at our sole discretion.
Hybrid Saashttps://hackerone.com/hybridsaas/
Hyperledgerhttps://hackerone.com/hyperledgerOur rewards are based on the impact of a vulnerability. The rewards go from $200-$1500
ICQhttps://firebounty.com/bug-bounty-program/830/icq/
Intercom Newhttps://firebounty.com/bug-bounty-program/774/intercom-newMinimum of $100
Infogramhttps://firebounty.com/bug-bounty-program/849/infogram/
Indeedhttps://hackerone.com/indeed$100 ? $5,000 per vulnerability
Independerhttps://hackerone.com/independerThe reward is minimum of a ? 50
Inflectionhttps://hackerone.com/inflectionFrom $0 for Low severity bugs to minimum $2000 for Critical severity bugs
INGhttps://hackerone.com/ingYou may get a reward.
Instagramhttps://hackerone.com/instagramThe minimum reward is $500.
Instamojohttps://hackerone.com/instamojoAll bugs are awarded a bounty based on their impact.
Instructurehttps://hackerone.com/instructure/
Intel Corporationhttps://hackerone.com/intelThe reward go from $2000-$10000
IRCCloudhttps://hackerone.com/irccloudOur minimum reward is $50 USD for minor issues, while we expect to reward $500+ USD for major vulnerabilities
KAYAKhttps://hackerone.com/kayak/
Keybasehttps://hackerone.com/keybaseReward amounts will vary based upon the severity of the reported vulnerability, and eligibility is at our sole discretion.
Krakenhttps://hackerone.com/krakenfxFor significant bugs, we offer reward and recognition on our Wall of Fame.
Kyuphttps://hackerone.com/kyupcloudIt may vary between $10 and $200 per bug.
LaunchKeyhttps://hackerone.com/launchkeyThe minimum bounty for a qualifying security vulnerability is $200 USD. There is no maximum bounty
LINEhttps://hackerone.com/lineThe rewards go from $500-$10000
LinkedInhttps://hackerone.com/linkedin/
LocalTapiolahttps://hackerone.com/localtapiolaRewards may range from $50 up to $50,000.
Lysthttps://hackerone.com/lystThe rewards go from $100-$5000+
Monerohttps://firebounty.com/bug-bounty-program/842/monero
Mail Ruhttps://hackerone.com/mailruThe rewards go from $150-$10000
ManageWPhttps://hackerone.com/managewp/
Mapboxhttps://hackerone.com/mapbox/
Massachusetts Institute of Technologyhttps://hackerone.com/mitWe are offering TechCASH as thanks.
MasterCardhttps://hackerone.com/mastercard/
Megahttps://hackerone.com/megaprivacyWe offer up to EUR 10,000 per bug
Merakihttps://hackerone.com/merakiRewards for qualifying bugs range from $100 to $2,500
Microsofthttps://hackerone.com/microsoft/
Monacohttps://hackerone.com/monacoThe reward goes from $250-$7500
Mozillahttps://hackerone.com/mozilla/
Netgearhttps://firebounty.com/bug-bounty-program/777/netgear$150-$15000
N26https://hackerone.com/n26The ewrads go from $250-$2000
Naver Whalehttps://hackerone.com/naver_whaleThe reward goes from $500-$7500
NCSC-NLhttps://hackerone.com/ncsc/
Nesthttps://hackerone.com/nestNest uses Google reward program
New Relichttps://hackerone.com/newrelicThe reward goes from $100-$5000+
Nextcloudhttps://hackerone.com/nextcloudThe rewards go from $250-$5000
Nginx (IBB)https://hackerone.com/ibb-nginxThe rewards go from $500-$3000
Nimiqhttps://hackerone.com/nimiqThe rewards go from $500-$13337
Nintendohttps://hackerone.com/nintendoThe rewards go from $100-$2000
Node jshttps://hackerone.com/nodejsThe rewards go from $500-$1500
Nuonhttps://hackerone.com/nuon/
Outscalehttps://firebounty.com/bug-bounty-program/769/outscaleThe rewards go from $80-$800
OCCRPhttps://firebounty.com/bug-bounty-program/876/occrp/
Oculushttps://hackerone.com/oculus/
ok ruhttps://hackerone.com/ok/
Olahttps://hackerone.com/olacabsThe lowest reword is 5000 INR (74.4082 USD) and the highest is 3,00,000 INR (4,463.23 USD)
Olarkhttps://hackerone.com/olarkThe rewards go from $100-$300 for critical disclosures
Onshapehttps://hackerone.com/onshape/
OpenSSL (IBB)https://hackerone.com/ibb-opensslThe rewards go from $500-$5000
Optimizelyhttps://hackerone.com/optimizely/
Outboundhttps://hackerone.com/outboundThe reward goe from $50-$1000+
OV-chipkaarthttps://hackerone.com/ovchipkaart/
OVHhttps://hackerone.com/ovh-groupMinimum reward is ?50 and our maximum rewards is ?10,000.
ownCloudhttps://hackerone.com/owncloudThe reward goes from $250-$5000
Paragon Initiative Enterpriseshttps://hackerone.com/paragonieThe rewards go from $1-$200+
Parsehttps://hackerone.com/parseit/
PasteCoinhttps://hackerone.com/pastecoinThe minimum reward for eligible bugs is 0.2 BTC.
Rewards over the minimum are at our discretion, but we will pay significantly more for particularly serious issues.
Only one reward per bug.
PayPalhttps://hackerone.com/paypalWall of fame
Paysafecardhttps://hackerone.com/paysafecardMinimum reward $50
Perl (IBB)https://hackerone.com/ibb-perlThe reward goes from $500-$1500
Phabricatorhttps://hackerone.com/phabricatorBounty Range: ~$300 - $3,000, based on severity.
Pinteresthttps://hackerone.com/pinterest$100 ? $5,000 per vulnerability
Piwikhttps://hackerone.com/piwikThe bounty for valid critical security bugs is a $555 (US) cash reward. The bounty for non-critical bugs is $242 (US), paid via Paypal.
Plaidhttps://hackerone.com/plaidThe reward goes from $250-$2500
Pornhubhttps://hackerone.com/pornhubMinimum bounty $50 maximum $15 000
PortSwigger Web Securityhttps://hackerone.com/portswiggerThe reward go from $100-$10000
Prezihttps://hackerone.com/preziThe reward goes from $500+
Project Soprishttps://hackerone.com/project-sopris/
PullStringhttps://hackerone.com/toytalkMinimum reward $100, maximum $5000
Python (IBB)https://hackerone.com/ibb-pythonMinimum reward $100, maximum $1500
QIWIhttps://hackerone.com/qiwiMinimum bounty $50
Qualcommhttps://hackerone.com/qualcommThe rewards go from $200-$15000
Quiverhttps://hackerone.com/quiverReward amounts will vary based upon the severity of the reported vulnerability.
Quorahttps://hackerone.com/quoraThe rewards go from $100-$3000. Bonus up to $7000 for valid Remote Code Execution vulnerability identified in Quora.com server code.
Qwanthttps://hackerone.com/qwantQwant will offer a minimum reward of 50?. There is no maximum reward.
RBKmoneyhttps://hackerone.com/rbkmoneyThere are no rewards
Rabobankhttps://hackerone.com/rabobankIn most cases you are eligible for reward
Raisehttps://hackerone.com/raiseThe rewards go from $100-$2000
ReleaseWirehttps://hackerone.com/releasewireThe minimum reward for a verified bug is $25.00 USD. The total amount of the reward is based on several factors such as the severity of the issue. Only one (1) reward will be issued for each bug or security vulnerability.
Reverbhttps://hackerone.com/reverbReward amounts will vary based upon the severity of the reported vulnerability
Rijksoverheidhttps://hackerone.com/rijksoverheid/
Riot Gameshttps://hackerone.com/riotResearchers who successfully identify and report particularly severe security issues will receive an appropriate bounty and an invite to access this program.
Ripplehttps://hackerone.com/ripple Vulnerabilities that are harmless on their own, but could form part of a critical exploit will usually receive a bounty. Full-blown exploits can receive much higher bounties.
Risk iohttps://hackerone.com/riskio/
Rockstar Gameshttps://hackerone.com/rockstargamesOur minimum bounty for successful vulnerability submissions is $150. Depending on the severity and complexity of the identified potential vulnerability, higher bounties may be paid out at our discretion.
RSKhttps://hackerone.com/rsksmartThe rewards go from $750-$7000
Rubyhttps://hackerone.com/rubyThe rewards go from $500-$1500+
Ruby on Railshttps://hackerone.com/railsDecision to award a bounty is entirely at the discretion of the Panel.
RubyGemshttps://hackerone.com/rubygemsThe rewards go from $500-$1500+
Social Bladehttps://firebounty.com/bug-bounty-program/771/social-bladeSocial Blade is not currently providing monetary rewards
Souqhttps://firebounty.com/bug-bounty-program/785/souq-comThe rewards go from $50-$1500
Stellarhttps://firebounty.com/bug-bounty-program/832/stellar-org1point correspondes to 1 USD. The points go from 500 to 25000
SEMrushhttps://firebounty.com/bug-bounty-program/867/semrushOur vulnerability-reward payouts will go up to $3,000 USD for the most impactful exploits. If we accept your report, our minimum bounty is $50.
Samsung Mobilehttps://hackerone.com/samsungmobile/
Samsung SmartTVhttps://hackerone.com/samsungsmarttvOffers monetary bounty
Schuberg Philishttps://hackerone.com/schubergphilisT-shirt, donation to Room To Read,a bottle of Champagne
SEMrushhttps://hackerone.com/semrushThe rewards go from $150-$3000
Sentryhttps://hackerone.com/sentry/
Shopifyhttps://hackerone.com/shopifyMinimum bounty $500-$10 000
Showmaxhttps://hackerone.com/showmaxMinimum reward $100, maximum reward $1000
Silent Circlehttps://hackerone.com/silentcircleThe standard reward is $128.00 USD. Reward amounts may vary depending upon the severity of the vulnerability reported
Simplehttps://hackerone.com/simple/
SimplyBuilthttps://hackerone.com/simplybuilt/
Slackhttps://hackerone.com/slackThe rewards go from $50-$1500
Snapchathttps://hackerone.com/snapchatThe rewards go from $2000-$15000
Sourcegraphhttps://hackerone.com/sourcegraphRewards for open bounties range from $10 to $4,000
Spotifyhttps://hackerone.com/spotifyMinimum bounty $250
Starbuckshttps://hackerone.com/starbucksThe rewards go from $100-$4000
StatusPage iohttps://hackerone.com/statuspageio$100 ? $1,500 per vulnerability
Stripehttps://hackerone.com/stripeMinimum reward of $100
Sunrisehttps://hackerone.com/sunrise/
Swisscomhttps://hackerone.com/swisscom/
Symphonyhttps://hackerone.com/symphony-3/
Synologyhttps://hackerone.com/synologyQualified reports will be rewarded between US$50 and $10,000.
Web Services in Scope
Qualified reports will be rewarded between US $50 and $2,000.
Tarsnaphttps://hackerone.com/tarsnapThe rewrads go from $1-$2000
Telegramhttps://hackerone.com/telegram/
Tencenthttps://hackerone.com/tencent/
Teradicihttps://hackerone.com/teradiciCurrently Teradici does not offer bounty at this moment.
Teslahttps://hackerone.com/teslamotorsHall of Fame. You may also be considered for an award if you are the first researcher to report one of the top 3 confirmed vulnerabilities in a calendar quarter.
The Internethttps://hackerone.com/internet
Tinfoil Securityhttps://hackerone.com/tinfoilsecurity/
Torhttps://hackerone.com/torprojectThe rewards go from $100-$4000
Trellohttps://hackerone.com/trello Our minimum reward is currently $256 USD, and we expect to pay $4096+ for major vulnerabilities.
trivagohttps://hackerone.com/trivago/
TTS Bug Bountyhttps://hackerone.com/ttsThe rewards go from $250-$5000
Tweakershttps://hackerone.com/tweakers/
Twiliohttps://hackerone.com/twilio$100 ? $5,000 per vulnerability
Twitterhttps://hackerone.com/twitterMinimum bounty $140, maximum bounty $20000+
Uberhttps://hackerone.com/uberThe awards go from $0-$10000 depends on the issue
Ubiquiti Networkshttps://hackerone.com/ubntUbiquiti Networks doesn't specify the monetary awards
Udemyhttps://hackerone.com/udemy$50 minimum bounty
Unikrnhttps://hackerone.com/unikrnUnikrn offers monetary rewards. The amount depends on the reported vulnerability.
United Airlineshttps://hackerone.com/unitedMaximum payout in award miles: From 50000-1000000
Upservehttps://hackerone.com/upserveThe awards go from $100-$2500
USAAhttps://hackerone.com/usaa/
Valvehttps://hackerone.com/valveThe rewards go from $200-$3000
Van Lanschothttps://hackerone.com/vanlanschot/
Vanillahttps://hackerone.com/vanillaThe rewards go from $150-$600
Veriduhttps://hackerone.com/veriduAt our discretion, we may set the reward amount based on the creativity or severity of the bugs.
VHXhttps://hackerone.com/vhxBounty amounts are determined by a panel based on the type, severity, exposure, difficulty to exploit, quality of report and other factors.
Vimeohttps://hackerone.com/vimeoNot specified
VK comhttps://hackerone.com/vkcomThe minimum reward is $100.
WakaTimehttps://firebounty.com/bug-bounty-program/831/wakatime/
Wambahttps://hackerone.com/wambaThe reward goes from $100-$3000 depending on the issue
We Do Trashhttps://hackerone.com/we_do_trash/
Websecurifyhttps://hackerone.com/websecurifyThe award value varies depending on the severity and creativity of your finding.
WePayhttps://hackerone.com/wepayMinimum bounty $100
Werken Bij Defensiehttps://hackerone.com/werkenbijdef/
Western Unionhttps://hackerone.com/westernunion$100 ? $5,000 per vulnerability
WHMCShttps://hackerone.com/whmcs/
WINKhttps://hackerone.com/wink_jq3alMinimum $100
WordPointshttps://hackerone.com/wordpointsWe offer small bounties for valid bugs. We may award larger bounties if we think the bug is more serious.
Xiaomihttps://hackerone.com/xiaomiRewards are limited to vulnerabilities that are being reported for the first time to the Xiaomi Security Center.
Yahoo!https://hackerone.com/yahooRewarrds go up to $15000
Yammerhttps://hackerone.com/yammerQualified submissions are eligible for a minimum payment of $500 USD up to a maximum of $15,000 USD.
Yandexhttps://hackerone.com/yammerThe rewrads go from $160-$3000
YouPornhttps://hackerone.com/youpornThe rewards go from $250-$15000
YouTubehttps://hackerone.com/youtubeGoogle Vulnerability Reward Program
ZOHOhttps://firebounty.com/bug-bounty-program/839/zohoNot specified
Zapierhttps://hackerone.com/zapierNot specified
Zendeskhttps://hackerone.com/zendeskThe rewards go from $100-$3000+
Zopimhttps://hackerone.com/zopimThe rewards go from $100-$3000+
Anghamihttps://hackerone.com/anghami/
Binary.com CashierProgram suspended
Block iohttps://hackerone.com/blockioThe minimum payout is $10 for reporting a previously unknown security vulnerability of sufficient severity with possibility for direct exploitation. There is no maximum reward
But the program is disabled
Blockchainhttps://www.blockchain.com/From $50- <$1600
Boozt Fashion ABhttps://hackerone.com/booztOur security bug bounty reward budget is between 50$ and 500$, lowest being minor security issues and highest being severe bugs like SQL injection or remote code execution.
Boozt Fashion AB is taking a break and is not accepting new submissions.
Coin.Spacehttps://hackerone.com/coinspaceThe minimum payout is $125 for reporting a previously unknown security vulnerability of sufficient severity with possibility for direct exploitation. There is no maximum reward
Coin.Space has been disabled.
drchronohttps://hackerone.com/drchronoOur minimum reward for reports that demonstrate leaked or modified doctor or patient data is $50 USD. There is no maximum.For reports that demonstrate PHI exposure from outside of the owner's account (does not require malicious staff), we will award a minimum of $200. For large-scale PHI exposure from outside the account, we will award a minimum of $500.
drchrono has been disabled
Enterhttps://hackerone.com/enterThe minimum payout is $250 for reporting a previously unknown security vulnerability of sufficient severity with possibility for direct exploitation. There is no maximum reward.
No longer taking new submissions
Flash (IBB)/
Flox/
Gratipayhttps://hackerone.com/gratipayNot Active anymore
itBit Exchangehttps://hackerone.com/itbitReward amounts may vary depending upon the severity of the vulnerability reported.CRITICAL (Awarded at or above $2,000)HIGH (Awarded at $1,000 +/- depending on impact)MEDIUM/LOW (Awarded up to $500)No longer taking new submissions
LeaseWebhttps://hackerone.com/leasewebMinimum of $50
No longer taking new submissions
Legal Robothttps://hackerone.com/legalrobotThe rewrads go from $20-???
No longer taking new submissions
MapsMarker.com e.U.https://hackerone.com/mapsmarker_com_e_uThe rewrads go from $10-$100
No longer taking new submissions
Mixmaxhttps://hackerone.com/mixmaxIf you find a severe security vulnerability such that you can access or modify another Mixmax user's data, you'll be rewarded with a free Mixmax Professional account for a year ($288 value!)
No longer taking new submissions
MS-DOS/The bounty program has come to an end
Munzeehttps://hackerone.com/munzee/
Openfoliohttps://hackerone.com/openfolio/
SecNewshttps://hackerone.com/secnewsThe monetary reward is from 50? - 3000?. But also there are things like Recognition on the website etc.
No longer taking new submissions
Square Open Sourcehttps://hackerone.com/square-open-source/
Sucurihttps://hackerone.com/sucuriminimum reward is $250 USD. But right now Sucuri is not taking any more submissions
VLChttps://hackerone.com/vlcThe rewards go from $250-$5000
No longer taking new submissions
WebSummithttps://hackerone.com/websummitWebsummit is no longer taking submissions
Whisperhttps://hackerone.com/whisperWhisper is no longer taking new submissions
No longer taking new submissions
withinsecurityhttps://hackerone.com/withinsecuritywithinsecurity has been disabled
WP APIhttps://hackerone.com/wp-apiNo longer taking new submissions
Ciscohttps://www.cisco.com/c/en/us/about/security-center/security-vulnerability-policy.html/
Magentohttps://bugcrowd.com/magento$100 ? $10,000 per vulnerability
PHPhttps://hackerone.com/ibb-phpThe rewards go from $500-$1500+
Word Presshttps://hackerone.com/wordpress/
Weblatehttps://firebounty.com/bug-bounty-program/835/weblate/
Zomatohttps://hackerone.com/zomato/The minimum reward for severe bugs like Remote Code Execution or User Personal Information Access is $1000 USD.
123 Contact Formhttps://www.123formbuilder.com/security-acknowledgements/?pagetype=htmlandingpages/
Acquiahttps://www.acquia.com/how-report-security-issueHall of fame
ebayhttps://pages.ebay.com/securitycenter/security_researchers.htmlPublic thank you.
AVGhttps://bugcrowd.com/avgtechnologies$50 ? $1,000 per vulnerability
Bufferhttps://buffer.com/securityMonetary bounty.
Ubuntuhttps://help.ubuntu.com/lts/serverguide/reporting-bugs.html#reporting-bugs-apport-cli/
Tumblerhttps://tumblr.zendesk.com/hc/en-us/articles/234583348-Bug-Bounty-ProgramRewards may range from Tumblr-branded swag to monetary rewards up to $5,000 USD
Sonyhttps://hackerone.com/sony/
Netflixhttps://bugcrowd.com/netflix$100 ? $15,000 per vulnerability
NASAhttps://firebounty.com/bug-bounty-program/589/nasa/
Mediumhttps://help.medium.com/hc/en-us/articles/213481308-Bug-Bounty-Disclosure-ProgramBased on severity of the bug the rewards can go up to $1000
Huaweihttps://firebounty.com/bug-bounty-program/139/huawei/
Humble Bundlehttps://bugcrowd.com/humblebundleHall of fame
Hootsuitehttps://hootsuite.com/security/response/
Freelancerhttps://www.freelancer.com/about/securityHall of fame
Applehttps://support.apple.com/en-au/HT201220/
Amazonhttps://aws.amazon.com/security/vulnerability-reporting//
Airbnbhttps://hackerone.com/airbnb/Maximum bounty is $15,000 USD based on the issue
Adobehttps://hackerone.com/adobe/
HTChttps://www.htc.com/us/terms/product-security//
MailChimphttps://hackerone.com/mailchimp/
Operahttps://www.opera.com/security/policy/
Soundcloudhttps://hackerone.com/soundcloud/
AOLhttps://contact.security.aol.com//
Linksyshttps://hackerone.com/linksys/
Malwarebyteshttps://www.malwarebytes.com/secure/he amount awarded for these bugs is between $100 and $1000 depending on the bug severity and exploitability. Hall of fame
McAfeehttps://www.mcafee.com/us/threat-center/product-security-bulletins.aspx#=tab-1/
PubNubhttps://firebounty.com/bug-bounty-program/764/pubnubMonetary bounty.
Oktahttps://firebounty.com/bug-bounty-program/752/oktaThe rewards go from $50-up to $15000
Smarsheethttps://firebounty.com/bug-bounty-program/754/smartsheet/
HubSpothttps://firebounty.com/bug-bounty-program/750/hubspot-responsible-disclosure/
SecureDrophttps://firebounty.com/bug-bounty-program/745/securedrop/
Circlehttps://firebounty.com/bug-bounty-program/746/circle-mobile-apps$50 dollar reward
U.S. Dept Of Defensehttps://firebounty.com/bug-bounty-program/742/u-s-dept-of-defenseHall of fame
Terapeakhttps://firebounty.com/bug-bounty-program/741/terapeakMonetary bounty.
Pushwooshhttps://firebounty.com/bug-bounty-program/739/pushwooshHall of fame
Mindoktorhttps://firebounty.com/bug-bounty-program/734/mindoktorMinimum reward is $100 USD, maximum reward $10000
CoderzWarhttps://firebounty.com/bug-bounty-program/732/coderzwarHall of fame
Moneybirdhttps://hackerone.com/moneybirdMonetary bounty.
OLXhttps://firebounty.com/bug-bounty-program/722/olxThe rewards don't include monetary bounty
Skylinerhttps://firebounty.com/bug-bounty-program/710/skyliner/
Instacarthttps://firebounty.com/bug-bounty-program/712/instacartHall of fame
Kaspersky Labhttps://firebounty.com/bug-bounty-program/714/kaspersky-labMonetary bounty.
Yelphttps://firebounty.com/bug-bounty-program/704/yelpOur vulnerability-reward payouts will go up to $15,000 USD for the most impactful exploits. If we accept your report, our minimum bounty is $100.
Sophos Responsible Disclosurehttps://firebounty.com/bug-bounty-program/698/sophos-responsible-disclosureAwards are granted entirely at the discretion of Sophos.
Manalyzerhttps://firebounty.com/bug-bounty-program/688/manalyzerA maximum of two bounties will be awarded per person.
ProtonMailhttps://firebounty.com/bug-bounty-program/611/protonmailMinimm bounty $50, maximum bounty $500
HPhttps://firebounty.com/bug-bounty-program/4/hp/
Imgurhttps://firebounty.com/bug-bounty-program/1/imgurRecognition on our Hall of Fame,minimum of $50,an Imgur t-shirt
Grouponhttps://firebounty.com/bug-bounty-program/496/groupon/
Bitcasahttps://firebounty.com/bug-bounty-program/35/bitcasaSite can't be reached
Binghttps://firebounty.com/bug-bounty-program/34/bing/
Dato Capitalhttps://firebounty.com/bug-bounty-program/78/dato-capitalHall of fame
Gliphhttps://firebounty.com/bug-bounty-program/125/gliph/
Honeywellhttps://firebounty.com/bug-bounty-program/136/honeywell/
Meldiumhttps://firebounty.com/bug-bounty-program/195/meldium/
Panasonichttps://firebounty.com/bug-bounty-program/232/panasonic/
Twitchhttps://firebounty.com/bug-bounty-program/320/twitch/
DPDhttps://firebounty.com/bug-bounty-program/447/dpdHall of fame
Galleryhttps://firebounty.com/bug-bounty-program/448/galleryMonetary bounty from $100-$1000
You Need a Budget (YNAB)https://bugcrowd.com/ynab$100 ? $1,500 per vulnerability
Volusion V1https://bugcrowd.com/volusion$25 ? $500 per vulnerability
TYPO3https://typo3.org/community/teams/security//
Tuentihttps://corporate.tuenti.com/en/dev/security/
Trend Microhttps://success.trendmicro.com/vulnerability-responseHall of fame
Transloadithttps://transloadit.com/security/Hall of fame
Telenet Belgiumhttp://binaries.telenet.be/onlinesupport/pdf/responsible_disclosure_policy_en.pdf/
Team Unifyhttps://www.teamunify.com/swim-team-management-software/security//
Spokeohttps://www.spokeo.com/bug-bountyThe minimum bounty amount for a validated bug submission is $50 USD and the maximum bounty for a validated bug submission is $5,000 USD.
Splitwisehttps://blog.splitwise.com/about/responsible-disclosure-special-thanks/Hall of fame
Alcyonhttps://www.alcyon.nl/responsible-disclosure//
Altervistahttps://en.altervista.org/credits.phpHall of fame
Amarahttps://amara.org/en/security
Appceleratorhttps://www.appcelerator.com/privacy/responsible-disclosure-of-security-vulnerabilities/Hall of fame
ARM mbedhttps://tls.mbed.org/bug-bounty-programMinimum payout is 250 EURO
Atlassianhttps://bugcrowd.com/atlassian$100 ? $3,000 per vulnerability
Automattichttps://hackerone.com/automatticMonetary bounty
Basehttps://getbase.com/security//
Basecamphttps://basecamp.com/about/policies/securityHall of fame
BitPayhttps://support.bitpay.com/hc/en-us/articles/204229369-BitPay-Bug-Bounty-Program/
BitWallhttp://www.bitwall.io/securityHall of fame
Blinksalehttps://bugcrowd.com/blinksale?utm_source=the-list&utm_medium=list-link&utm_campaign=blinksalePoints per vulnerability
Boxhttps://www.box.com/about-us/security/
Envatohttps://webuild.envato.com/helpful-hacker/Hall of fame
Internetwachehttps://en.internetwache.org/security/Hall of fame
Juniperhttps://www.juniper.net/us/en/security/report-vulnerability//
MobiKwikhttps://www.mobikwik.com/bug-bountyminimum reward or bounty is ?1000.
Motorolahttps://www.motorolasolutions.com/en_us/about/security-vulnerability.htmlMonetary bounty and hall of fame
Myntrahttps://www.myntra.com/security/whitehatHall of fame
Own Cloudhttps://owncloud.org/security//
Pidginhttp://pidgin.im/security//
Digital Oceanhttps://www.digitalocean.com/security//
Braintreehttps://www.braintreepayments.com/developers/disclosureHall of fame
Blackboardhttp://www.blackboard.com/footer/security-policy.html/
Coupahttps://success.coupa.com/Trust/Security_Policies/Vulnerability_Reporting_PolicyNo compensation
Detectifyhttps://blog.detectify.com/2013/12/03/detectify-responsible-disclosure-program/Hall of fame
Eclipsehttp://www.eclipse.org/security//
Acorns LLChttps://bugcrowd.com/acorns$25 ? $500 per vulnerability
ActiveProspecthttps://activeprospect.com/security/Hall of fame
ActiVPNhttps://bugcrowd.com/activpn?utm_source=the-list&utm_medium=list-link&utm_campaign=activpnPoints per vulnerability
Apptentivehttps://www.apptentive.com/privacy//
Asteriskhttps://wiki.asterisk.org/wiki/display/AST/Asterisk+Bug+Bounties/
Atlassian - JIRA/Confluence Cloudhttps://bugcrowd.com/atlassian$100 ? $3,000 per vulnerability
Auth0https://auth0.com/whitehatHall of fame
Beanstalkhttps://support.beanstalkapp.com/article/890-responsible-disclosure-policyHall of fame, T-shirt, no monetary reward
Bithunthttps://hackerone.com/bithuntNo monetary reward
Boschhttps://psirt.bosch.com/en/responsibleDisclosurePolicy.html/
BTX Traderhttps://www.btxtrader.com/bugbounty.html#/bugbounty/
Caffeinehttps://bugcrowd.com/caffeine$100 ? $3,000 per vulnerability
Centrifyhttps://bugcrowd.com/centrify$100 ? $3,000 per vulnerability
Chargifyhttps://bugcrowd.com/chargify?utm_source=the-list&utm_medium=list-link&utm_campaign=chargifyPoints per vulnerability
Chronobankhttps://blog.chronobank.io/chronobank-bug-bounty-program-269d97b9a5b1/
CircleCihttps://circleci.com/security/Hall of fame
CloudFlarehttps://hackerone.com/cloudflareHall of fame
Code Climatehttps://codeclimate.com/securityHall of fame
Codeigniterhttps://hackerone.com/codeigniterHall of fame
Coin Space BTChttps://hackerone.com/coinspaceThe minimum payout is $125 for reporting a previously unknown security vulnerability of sufficient severity with possibility for direct exploitation. There is no maximum reward.
Commonswarehttps://commonsware.com/bounty.html/
Composehttps://www.compose.com/securityHall of fame
Constant Contacthttps://bugcrowd.com/constantcontactPoints per vulnerability
Courserahttps://hackerone.com/courseraHall of fame
CrowdShieldhttps://crowdshield.com/bug-bounty-list.php?bug_bounty_program=crowdshield/
Customer Insighthttps://customerinsight.ca/CI/security-statement/No compensation
Dash Digital Cashhttps://bugcrowd.com/dashdigitalcash$100 ? $10,000 per vulnerability
Dash Messaginghttps://bugcrowd.com/dashmessagingPoints per vulnerability
Debian Security Trackerhttps://www.debian.org/Bugs//
Dellhttp://www.dell.com/learn/us/en/04/campaigns/report-vulnerability/
DigitalSellzhttps://hackerone.com/digitalsellz/
DNN Corporationhttp://www.dnnsoftware.com/platform/share/bug-reporting/
DNSimplehttps://dnsimple.com/securityHall of fame
DPDhttps://getdpd.com/security/Hall of fame, and monetary reward
eerohttps://bugcrowd.com/eeroPoints & Swag per vulnerability
EMChttps://www.emc.com/products/security/product-security-response-center.htm/
Envoyhttps://hackerone.com/envoyMinimum reward $100
Eventbritehttps://www.eventbrite.com/security//
Event Espressohttps://eventespresso.com/report-a-security-vulnerability//
Evernotehttps://evernote.com/security//
Expatistanhttps://www.expatistan.com/securityHall of fame
ExpressionEnginehttps://hackerone.com/expressionengine/
Factlinkhttps://hackerone.com/factlinkHall of fame
Fiat Chrysler Automobileshttps://bugcrowd.com/fca$150 ? $1,500 per vulnerability
Fireeyehttps://www.fireeye.com/company/security.html/
Fitbithttps://bugcrowd.com/fitbit$100 ? $2,500 per vulnerability
Foursquarehttps://foursquare.com/about/securityHall of fame
FoxyCarthttps://bugcrowd.com/foxycart?utm_source=the-list&utm_medium=list-link&utm_campaign=foxycart$25 ? $500 per vulnerability
Freshbookshttps://www.freshbooks.com/policies/responsible-disclosureHall of fame
GateCoinhttps://gatecoin.com/bugBounty/Only one bounty will be awarded per vulnerability.
Gemfuryhttps://gemfury.com/security/
General Motorshttps://hackerone.com/gm/
GO-JEKhttps://bugcrowd.com/gojek$200 ? $5,000 per vulnerability
Grok Learninghttps://groklearning.com/security/Hall of fame
Hack the Pentagonhttps://www.hackerone.com/resources/hack-the-pentagonMinimum $100, maximum $15000
Harmonyhttp://get.harmonyapp.com/security/Hall of fame
Hex-Rayshttps://www.hex-rays.com/bugbounty.shtmlHex-Rays will pay a 3000 USD bounty for certain security bugs.
IBMhttps://www.ibm.com/security/secure-engineering/report.html/
ICEcoderhttps://bugcrowd.com/icecoder?utm_source=the-list&utm_medium=list-link&utm_campaign=icecoderPoints per vulnerability
Inflectrahttps://www.inflectra.com/Company/Responsible-Disclosure.aspxHall of fame
Informaticahttps://hackerone.com/informatica/
IntegraXor (SCADA)https://www.integraxor.com/integraxor-hmi-scada-bug-bounty-program/Reward points
InVisionhttps://bugcrowd.com/invision$100 ? $1,500 per vulnerability
(ISC)ýhttps://bugcrowd.com/isc2?utm_source=the-list&utm_medium=list-link&utm_campaign=isc2Points per vulnerability
Issuuhttps://issuu.com/responsible-disclosureHall of fame
itBit Exchangehttps://hackerone.com/itbitThe reward can go up to $2000+
iwantmynamehttps://bugcrowd.com/iwantmyname?utm_source=the-list&utm_medium=list-link&utm_campaign=iwantmynamePoints per vulnerability
Jet comhttps://bugcrowd.com/jet?utm_source=the-list&utm_medium=list-link&utm_campaign=jet$100 ? $15,000 per vulnerability
JRubyhttp://jruby.org/security/
Jumpleadhttps://jumplead.com/about/securityHall of fame
Keming Labshttps://keminglabs.com/security_disclosure//
Kenna Securityhttps://bugcrowd.com/kennasecurity$50 ? $1,500 per vulnerability
Khan Academyhttps://hackerone.com/khanacademyHall of fame
LastPasshttps://bugcrowd.com/lastpass?utm_source=the-list&utm_medium=list-link&utm_campaign=lastpass$10 ? $5,000 per vulnerability
Localizehttps://hackerone.com/localizeLocalize has been disabled.
Logentrieshttps://docs.logentries.com/docs/security/Hall of fame
Magix AGhttp://research.magix.com/Hall of fame
Mattermosthttps://about.mattermost.com/report-security-issue/Hall of fame
Mavenlinkhttps://hackerone.com/mavenlinkHall of fame + small bounties
Maximumhttps://hackerone.com/maximumThis reward will vary depending on the seriousness of the issue and the quality of the report.
Mobile Vikingshttps://hackerone.com/mobilevikingsHall of fame
Moodlehttps://moodle.org/mod/forum/view.php?f=996&showall=1Broken link
NetApphttps://security.netapp.com/contact//
Nvidiahttps://www.nvidia.com/en-us/product-security//
OnePageCRMhttps://bugcrowd.com/onepagecrm?utm_source=the-list&utm_medium=list-link&utm_campaign=onepagecrmPoints per vulnerability
Open Xchangehttps://hackerone.com/open-xchangeMinimum reward of $100 for vulnerabilities we consider to be serious, up to a maximum of $5000 for the most severe vulnerabilities
Pantheonhttps://bugcrowd.com/pantheon?utm_source=the-list&utm_medium=list-link&utm_campaign=pantheonPoints per vulnerability
Panzurahttps://panzura.com/support/panzura-security-policy//
Rackspacehttps://www.rackspace.com/information/legal/rsdpHall of fame
Relasohttp://relaso.com/disclosureNo compensation
Segment iohttps://segment.com/docs/legal/security/Hall of fame
Sellfyhttps://sellfy.com/security/Hall of fame
SendSafelyhttps://bugcrowd.com/sendsafely?utm_source=the-list&utm_medium=list-link&utm_campaign=sendsafelyPoints per vulnerability
SiteGroundhttps://www.siteground.com/term/92.htmHall of afame
Smart Budgethttps://www.sbudget.com/people.plHall of fame
Socratahttps://bugcrowd.com/socrata?utm_source=the-list&utm_medium=list-link&utm_campaign=socrata$25 ? $1,500 per vulnerability
Solvinityhttps://www.solvinity.com/responsible-disclosure/
SplashIDhttps://bugcrowd.com/splashid?utm_source=the-list&utm_medium=list-link&utm_campaign=splashidPoints per vulnerability
Sprout Socialhttps://bugcrowd.com/sproutsocial?utm_source=the-list&utm_medium=list-link&utm_campaign=sprout_socialPoints per vulnerability
Tapatalkhttps://tapatalk.com/security.php/
Unitaghttps://www.unitag.io/securityHall of fame
Zyngahttps://www.zynga.com/security/whitehatsHall of fame
Yeswarehttps://www.yesware.com/security/Hall of fame
Xenhttps://www.xenproject.org/security-policy.html/
Volcanic Pixelshttps://www.volcanicpixels.com/security/
Viadeohttp://www.viadeo.com/en/securiteHall of fame
Symantechttps://www.symantec.com/en/uk/security-center/vulnerability-management/
Skuidhttps://www.skuid.com/security//
Skoodathttp://www.skoodat.com/securityNo compensation
Sifterhttps://sifterapp.com/policies/security/Hall of fame
Riskalyzehttps://www.riskalyze.com/legal#security-responseHall of fame
Red Hathttps://access.redhat.com/articles/66234Hall of fame
Pockethttps://help.getpocket.com/article/870-pocket-security-overviewHall of fame
Paymillhttps://developers.paymill.com/guides/security/security-standardsHall of fame, monetary reward
Paychoicehttp://www.paychoice.com.au/security/#security-researchersHall of fame
OpenTexthttps://www.opentext.com/who-we-are/copyright-information/security-acknowledgementsHall of fame
Offensive Securityhttps://www.offensive-security.com/bug-bounty-program/The rewards go from $200-$1000 based on the issue
Foxycarthttps://www.foxy.io/security-contact?redirected=trueHall of fame
Fog Creekhttp://www.fogcreek.com/security/Hall of fame
Fluxiomhttps://www.fluxiom.com/securityHall of fame
Engineyardhttps://www.engineyard.com/policies/privacyHall of fame
Coindrawerhttps://www.coindrawer.com/whitehat/The reward is determined based upon the severity of the bug discovered. Rewards are paid in BTC to the email address of a Coindrawer account holder. Plus Hall of fame
Under Armourhttps://bugcrowd.com/underarmourPoints per vulnerability
Credit Karmahttps://bugcrowd.com/creditkarma$200 ? $3,000 per vulnerability
Concurhttps://bugcrowd.com/concurPoints per vulnerability
Multicrafthttps://bugcrowd.com/multicraft$25 ? $750 per vulnerability
NolimitVPNhttps://bugcrowd.com/nolimitvpnPoints per vulnerability
Marktplaatshttps://hackerone.com/marktplaatsA typical bounty will vary from SWAG (goodies, gifts, presents) up to a bug-bounty of ?350,-. (based on the probability and the damage impact of exploitatio
Robinhoodhttps://hackerone.com/robinhoodThe minimum payout is $100 USD
Paytmhttps://bugbounty.paytm.com/The minimum reward for eligible bugs is the equivalent of 1000 INR.
Only one reward per bug.
Android Free Appshttps://www.google.com/about/appsecurity/android-rewards/The rewards go from $330 up to $200 000
Certlyhttps://hackerone.com/certlyHall of fame
Doorkeeperhttps://www.doorkeeper.jp/responsible_disclosure?locale=enHall of fame
Firebasehttps://firebase.google.com/support/#section-security/
MCProHostinghttps://bugcrowd.com/mcprohostings?utm_source=the-list&utm_medium=list-link&utm_campaign=mcprohostingsPoints per vulnerability
Solve360https://solve360.com/security-response/Hall of fame
Monethahttps://www.monetha.io/bountyThe rewards go from $100-$10 000
Ledgerhttps://www.ledger.fr/bounty-program/The amount of each bounty is based on the classification and sensitivity of the data impacted.
Bounties will be paid directly to the researcher using Bitcoin.
WhatsApphttps://hackerone.com/whatsappFacebook White Hat program
Tinderhttps://www.gotinder.com/securityTinder?s bug bounty program is private and inclusion is by invite only.
McDeliveryhttps://www.mcdelivery.co.in/bugBountyMonetary reward for each valid bug reported would be based on criticality of the issue.
ExpressVPNhttps://www.expressvpn.com/features/bug-bountyExpressVPN offers financial rewards and recognizes your contribution to the security of our services
PureVPNhttps://firebounty.com/bug-bounty-program/250/purevpn/
Hunterhttps://hunter.io/security-bounty-programOur reward system is flexible and doesn?t have any strict upper or lower limit.
Razer UShttps://hackerone.com/razer_us/
GoCDhttps://firebounty.com/bug-bounty-program/720/gocd/
Projectplacehttps://firebounty.com/bug-bounty-program/621/projectplaceOur minimum reward is $20 USD; our maximum is $1000 USD. Rewards are completely at the discretion of Projectplace.
Clefhttps://firebounty.com/bug-bounty-program/429/clefThe minimum reward offered to whitehat researchers is $32 USD (paid in Bitcoin or USD, your choice).
ClickUphttps://clickup.com/bug-bountyNo minimum or maximum reward.
Aircloakhttps://aircloak.com/compliance/attack-challenge/Hall of fame, $5000 reward
Ancient Brainhttps://ancientbrain.com/bugs.php? 20 for a minor bug.
? 100 for a major bug.
? 200 for a critical bug.
C2FOhttps://hackerone.com/c2foHall of fame, no monetary reward.
Cayanhttps://cayan.com/developers/knowledge-base/faqs/does-cayan-have-a-bug-bounty-programYou can receive a reward of at least $250.
CS:GO (2)https://csgoblackjack.com/bug-bountyNo maximum and no minimum reward
Drupalhttps://www.drupal.org/node/101494Hall of fame
Garminhttps://www.garmin.com/de-DE/legal/security#report/
MacKeeperhttps://firebounty.com/bug-bounty-program/696/mackeeperMonetary reward.
Mimecasthttps://www.mimecast.com/responsible-disclosure/Hall of fame
Odoohttps://www.odoo.com/de_DE/page/responsible-disclosureHall of fame
Phillipshttps://www.philips.com/a-w/security/coordinated-vulnerability-disclosure.html/
Recorded Futurehttps://www.recordedfuture.com/security/Hall of fame T-Shirt
Rocket-Chathttps://rocket.chat/docs/contributing/security/Hall of fame
Spreakerhttps://www.spreaker.com/securityRewards for qualifying bugs range from $100 to $1,000, sent to your PayPal account
ChargeOverhttp://help.chargeover.com/article/show/38302-bug-bounty-programPayouts range from $25 USD to $1000 USD depending on the severity of the issue found.
Webminihttps://www.webmini.com/de/responsible-disclosure/WebMini
StarLeafhttps://www.starleaf.com/c/bug-bounty-program/The rewards go from $50-$1000+
Parity Technologieshttps://paritytech.io/bug-bounty/The minimum reward for eligible bugs is the equivalent of 100 USD in ETH/BTC.
LiveAgenthttps://www.ladesk.com/liveagent-bug-bounty-program/The regular bounty reward is $50 per bounty submitted and verified by our dev team.
Artifexhttps://artifex.com/developers-bug-bounty-program/Accepted fixes for bugs at P1 and P2 pay a bounty of US$2,000 each. Bugs at lower priorities and ?normal? importance pay US$1,000 per bug. Bugs designated with ?trivial? or ?minor? importance pay a negotiated amount, typically US$200 per bug
Request Networkhttps://blog.request.network/request-network-bug-bounty-live-ee3297e46695The rewrards go fro $500-$20000
Yatrahttps://www.yatra.com/online/bug-bountyWall of fame
TenXhttps://www.tenx.tech/whitehat.htmlThe rewards go from $1000-$10000
FIRSThttps://www.first.org/about/bugsHall of fame
Make My Triphttps://www.makemytrip.com/pwa-hlp/mmtbb/reportHall of fame
WhatRunshttps://www.whatruns.com/bug-bountyRewards range from $100 up to $5000 and are determined at our discretion based on numerous factors.
Nanohttps://medium.com/@nanocurrency/nano-bug-bounty-program-e45acd888eb3Monetary reward
Windowshttps://blogs.technet.microsoft.com/msrc/2017/07/26/announcing-the-windows-bounty-program/The reward can go up to $250 000

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.