Bug Bounty Web List
What is the Bug Bounty Program?
Bug Bounty program provides recognition and compensation to security researchers practicing responsible disclosure. Company started Bug Bounty programs for improve their security. The Cyber security researchers are finding vulnerabilities on top websites and get rewarded.
Here are following Bug Bounty Web List.
Reward Programs
AT&T – http://developer.att.com/developer/apiDetailPage.jsp?passedItemId=10700235
(To submit you need to sign up to the free Developer API program)
Airtable – https://staging.airtable.com/security#responsible-disclosure
Algolia – https://hackerone.com/algolia
Alibaba – https://security.alibaba.com
Avast! – http://www.avast.com/bug-bounty
Barracuda – http://barracudalabs.com/
Badoo – http://corp.badoo.com/security
Brave – brave.com , mail to security@brave.com
Coinbase – https://coinbase.com/whitehat
Chromium Project – http://www.chromium.org/
CrowdShield – https://crowdshield.com/
Cryptocat – https://crypto.cat/bughunt/
Facebook – http://www.facebook.com/whitehat/
Etsy – http://www.etsy.com/help/article/2463
Gallery – http://codex.gallery2.org/Bounties
Ghostscript – http://ghostscript.com/Bug_bounty_program.html (Mostly software development, occasional security issues)
Google – http://www.google.com/about/company/rewardprogram.html
Hex-Rays – http://www.hex-rays.com/bugbounty.shtml
IntegraXor (SCADA) – http://www.integraxor.com/blog/integraxor-hmi-scada-bug-bounty-program
LaunchKey – https://launchkey.com/docs/whitehat
LiveAgent – https://www.ladesk.com/bug-bounty-program/
Marktplaats – http://statisch.marktplaats.nl/help/
Mega.co.nz – http://thenextweb.com/insider/2013/02/01/kim-dotcom-puts-up-13500-bounty-for-first-person-to-break-megas-security-system/
Meraki – http://www.meraki.com/trust/#srp
Microsoft – http://www.microsoft.com/security/msrc/report
Monet- https://monet.network/
Mozilla – http://www.mozilla.org/security/bug-bounty.html
Paypal – https://www.paypal.com/us/webapps/mpp/security/reporting-security-issues
PikaPay – https://www.pikapay.com/pikapay-security-policy/
Piwik – http://piwik.org/security/
Post Affiliate Pro – https://www.postaffiliatepro.com/post-affiliate-pro-bug-bounty-program
Recargapay – recargapay.com.br Mail to infosec@recargapay.com
Ricebridge – http://www.ricebridge.com/bugs.htm (Only available to customers)
Ripple – https://ripple.com/bug-bounty/
Samsung – https://samsungtvbounty.com/
Simple – https://www.simple.com/policies/website-security/
Tarsnap – https://www.tarsnap.com/bugbounty.html
Qiwi – https://www.qiwi.ru/page/hack.action
Qmail – http://cr.yp.to/djbdns/guarantee.html
Yandex – http://company.yandex.com/security/index.xml
Zerobrane – http://notebook.kulchenko.com/zerobrane/zerobrane-studio-bug-bounty
Product and Services (Hall Of Fame Only)
Acquia – https://www.acquia.com/how-report-security-issue
ActiveProspect – http://activeprospect.com/activeprospect-security/
Adobe – http://www.adobe.com/support/security/alertus.html
Amazon.com (retail) – please email details to security@amazon.com
Android Free Apps – http://www.androidfreeapp.net/security-researcher-acknowledgments/
Apple – http://support.apple.com/kb/HT1318
Blackberry – http://us.blackberry.com/business/topics/security/incident-response-team/collaborations.html
Braintree – https://www.braintreepayments.com/developers/disclosure
Card – https://www.card.com/responsible-disclosure-policy
cPaperless – http://www.cpaperless.com/securitystatement.aspx
Chargify – https://chargify.com/security/
DiMartino Entertainment – http://moosikay.dimartinoentertainment.com/site/credits/
eBay – http://pages.ebay.com/securitycenter
EVE – http://community.eveonline.com/devblog.asp?a=blog&nbid=2384
Evernote – http://evernote.com/security/
Foursquare – https://foursquare.com/about/security
Freelancer – http://www.freelancer.com/info/vulnerability-submission.php
Future Of Enforcement – http://futureofenforcement.com/?page_id=695
Gitlab – http://blog.gitlab.com/responsible-disclosure-policy/
Gliph – https://gli.ph/s/security.html
HakSecurity – http://haksecurity.com/special-thanks/
Harmony – http://get.harmonyapp.com/security/
Heroku – https://www.heroku.com/policy/security-hall-of-fame
Iconfinder – http://support.iconfinder.com/customer/portal/articles/1217282-responsible-disclosure-of-security-vulnerabilities
Kaneva – http://docs.kaneva.com/mediawiki/index.php/Bug_Bounty
Kayako – https://my.kayako.com/
Lastpass – https://lastpass.com/support_security.php
Mahara – https://wiki.mahara.org/index.php
MailChimp – http://mailchimp.com/about/security-response/
Microsoft (Online Services) – http://technet.microsoft.com/en-us/security/cc308589
Netflix – http://support.netflix.com/en/node/6657#gsc.tab=0
Nokia – http://www.nokia.com/global/security/acknowledgements/
Nokia Siemens Networks – http://www.nokiasiemensnetworks.com/about-us/responsible-disclosure
Norada – http://norada.com/crm-software/security_response
Owncloud – http://owncloud.org/about/security/hall-of-fame/
Opera – https://bugs.opera.com/wizarddesktop/
Oracle – http://:oracle.com/technetwork/topics/security
Puppet Labs – https://puppetlabs.com/security/acknowledgments/
RedHat – https://access.redhat.com/knowledge/articles/66234
Risk.io – https://www.risk.io/security
Security Net – http://www.securitynet.org/security-researcher-acknoledgments/
Sellfy – https://sellfy.com/security/
Spotify – https://www.spotify.com/us/about-us/contact/report-security-issues/
Sprout Social – http://sproutsocial.com/responsible-disclosure-policy
Telekom – http://www.telekom.com/corporate-responsibility/security/186450
Thingomatic – http://thingomatic.org/security.html
37signals – https://37signals.com/security-response
Tuenti – http://corporate.tuenti.com/en/dev/hall-of-fame
Twilio – https://www.twilio.com/docs/security/disclosure
Twitter – https://twitter.com/about/security
WizeHive – http://www.wizehive.com/special_thanks.html
Xmarks – https://buy.xmarks.com/security.php
Zendesk – http://www.zendesk.com/company/responsible-disclosure-policy
Zynga – http://company.zynga.com/security/whitehats
Product & Services (No Reward)
Amazon Web Services (AWS) – http://aws.amazon.com/security/vulnerability-reporting
Apriva – http://www.apriva.com/security
Authy – https://www.authy.com/security-issue
Blackboard – http://www.blackboard.com/footer/security-policy.aspx
Box – https://www.box.com/about-us/security/
Cisco – http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
Cloudnetz – http://cloudnetz.com/Legal/vulnerability-testing-policy.html
Contant Contact – http://www.constantcontact.com/about-constant-contact/security/report-vulnerability.jsp
Coupa – http://trust.coupa.com/home/security/coupa-vulnerability-reporting-policy
Drupal – https://drupal.org/security-team
EMC2 – http://www.emc.com/contact-us/contact/product-security-response-center.htm
Emptrust – http://www.emptrust.com/Security.aspx
Heroku – https://www.heroku.com/policy/security-hall-of-fame
HTC – http://www.htc.com/us/terms/product-security/
Huawei – http://www.huawei.com/en/security/psirt/report-vulnerabilities/index.htm
IBM – http://www-03.ibm.com/security/secure-engineering/report.html
KPN – http://www.kpn.com/Privacy.htm#tabcontent3
Lievensberg Hospital – http://www.lievensbergziekenhuis.nl/paginas/141-disclaimer.html
LinkedIn – http://help.linkedin.com/app/answers/detail/a_id/37022
Lookout – https://www.lookout.com/responsible-disclosure
Millsap Independent School District – http://www.millsapisd.net/BugReport.cfm
Modus CSR – http://www.moduscsr.com/security_statement.php
PagerDuty – http://www.pagerduty.com/security/disclosure/
Panzura – http://panzura.com/support/panzura-security-policy/
Pidgin – http://pidgin.im/security/
Plone – http://plone.org/products/plone/security/advisories
Pop Group – http://www.popgroupglobal.com/security.php
Reddit – http://code.reddit.com/wiki/help/whitehat
Relaso – http://relaso.com/disclosure
Salesforce – http://www.salesforce.com/company/privacy/security.jsp#vulnerability
Simplify – http://simplify-llc.com/simplify-security.html
Skoodat – http://www.skoodat.com/security
Scorpion Software – http://www.scorpionsoft.com/company/disclosurepolicy/
Square – https://squareup.com/security/levels
Symantec – http://www.symantec.com/security/
Team Unify – http://www.teamunify.com/__corp__/security.php
Tele2 – http://www.tele2.nl/klantenservice/veiligheid/tele2-en-veiligheid.html
T-Mobile (Netherlands) – http://www.t-mobile.nl/Global/media/pdf/privacy_statement_juni_2012.pdf
UPC – http://www.upc.nl/internet/veilig_internet/beveiligingsproblemen/
Viadeo – http://www.viadeo.com/aide/security/
Vodafone (Netherlands) – http://over.vodafone.nl/vodafone-nederland/privacy-veiligheid/beveiliging-en-bescherming/wat-doet-vodafone/meld-een-beveilig
VSR – http://www.vsecurity.com/company/disclosure
X.commerce – http://www.x.com/security
Xen – http://www.xen.org/projects/security_vulnerability_process.html
Ziggo – https://www.ziggo.nl/#klantenservice/internet/risicos-op-internet/meldpunt-beveiligingslekken
Post a Comment