PRODUCTS AND SERVICES (REWARD OFFERED)
- Bugcrowd - https://portal.bugcrowd.com/accounts/register/
- Facebook - http://www.facebook.com/whitehat/bounty/
- Etsy - http://www.etsy.com/help/article/2463
- Google - http://www.google.com/about/company/rewardprogram.html
- Paypal - https://www.paypal.com/us/webapps/mpp/security/reporting-security-issues
- Mozilla - http://www.mozilla.org/security/bug-bounty.html
- Piwik - http://piwik.org/security/
- Barracuda - http://www.barracudalabs.com/bugbounty/
- Yandex - http://company.yandex.com/security/index.xml
- Gallery - http://codex.gallery2.org/Bounties
- Qmail - http://cr.yp.to/djbdns/guarantee.html
- AT&T - http://developer.att.com/developer/apiDetailPage.jsp?passedItemId=10700235 - (We’ve been told that to submit you need to sign up to the Developer API Program which costs 99 USD…)
- Tarsnap - https://www.tarsnap.com/bugbounty.html
- Samsung - https://samsungtvbounty.com/
- Access - https://www.accessnow.org/prize
- Avast! - http://blog.avast.com/2013/01/25/introducing-avast-bug-bounty/
- Hex-Rays - http://www.hex-rays.com/bugbounty.shtml
- Kaneva - http://docs.kaneva.com/mediawiki/index.php/Bug_Bounty
- Mega.co.nz - http://thenextweb.com/insider/2013/02/01/kim-dotcom-puts-up-13500-bounty-for-first-person-to-break-megas-security-system/
- Cryptocat - https://crypto.cat/bughunt/
- Meraki - http://www.meraki.com/trust/#srp
- Groupon - http://www.groupon.com/api (See bottom of right hand sidebar)
BROKERS AND SECURITY COMPANIES
- HP Zero-Day Initiative (ZDI) - http://www.zerodayinitiative.com/about/benefits/
- Packet Storm - http://packetstormsecurity.com/bugbounty
- COSEINC - http://www.coseinc.com/en/index.php?rt=advisory
- Beyond Security - http://www.beyondsecurity.com/ssd.html
- Exodus Intelligence - https://www.exodusintel.com/eip/
- iDefense - https://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/vulnerability-intelligence/index.xhtml
- White Fir Design - https://www.whitefirdesign.com/about/wordpress-security-bug-bounty-program.html
- Secunia - http://secunia.com/community/research/svcrp
- ExploitHub - https://www.exploithub.com/request/index/developmentrequests/
- iSIGHT Partners - https://gvp.isightpartners.com/program_details.gvp?page=3&title=1&section=0
- Netragard - http://pentest.snosoft.com/netragards-eap/
PRODUCTS AND SERVICES (HALL OF FAME + SWAG)
- Github - https://help.github.com/articles/responsible-disclosure-of-security-vulnerabilities (Reward: T-shirt and stickers)
- Engineyard - https://www.engineyard.com/legal/responsible-disclosure-policy (Reward: T-shirt)
- ifixit - http://www.ifixit.com/Info/Responsible_Disclosure (Reward: T-shirt)
- Dropbox - https://www.dropbox.com/special_thanks (Reward: T-shirt)
- Soundcloud - http://help.soundcloud.com/customer/portal/articles/439715-responsible-disclosure (Reward: T-shirt)
- Amazon - http://aws.amazon.com/security/vulnerability-reporting (Reward: T-shirt)
- Yahoo - http://security.yahoo.com (Reward: T-shirt)
PRODUCTS AND SERVICES (HALL OF FAME ONLY)
- Twitter - https://twitter.com/about/security
- Apple - http://support.apple.com/kb/HT1318
- Microsoft - http://technet.microsoft.com/en-us/security/cc308589
- RedHat - https://access.redhat.com/knowledge/articles/66234
- Tuenti - http://corporate.tuenti.com/en/dev/hall-of-fame
- Twilio - https://www.twilio.com/docs/security/disclosure
- Zynga - http://company.zynga.com/security/whitehats
- Mahara - https://wiki.mahara.org/index.php/Contributors#Security_Researchers
- Acquia - https://www.acquia.com/how-report-security-issue
- lastpass - https://lastpass.com/support_security.php
- Owncloud - http://owncloud.org/about/security/hall-of-fame/
- Nokia Siemens Networks - http://www.nokiasiemensnetworks.com/about-us/responsible-disclosure
- Harmony - http://get.harmonyapp.com/security/
- Nokia - http://www.nokia.com/global/security/acknowledgements/
- eBay - http://pages.ebay.com/securitycenter/ResearchersAcknowledgement.html
- EVE - http://community.eveonline.com/devblog.asp?a=blog&nbid=2384
- EngineYard - https://www.engineyard.com/legal/responsible-disclosure-policy
- Netflix - http://support.netflix.com/en/node/6657#gsc.tab=0
- Blackberry - http://us.blackberry.com/business/topics/security/incident-response-team/collaborations.html
- Risk.io - https://www.risk.io/security
- ActiveProspect - http://activeprospect.com/activeprospect-security/
- Future Of Enforcement - http://futureofenforcement.com/?page_id=695
- Zendesk - http://www.zendesk.com/company/responsible-disclosure-policy
- WizeHive - http://www.wizehive.com/special_thanks.html
- Xmarks - https://buy.xmarks.com/security.php
- Gitlab - http://blog.gitlab.com/responsible-disclosure-policy/
- Opera - https://bugs.opera.com/wizarddesktop/
- Adobe - http://www.adobe.com/support/security/alertus.html
PRODUCTS AND SERVICES (NO REWARD)
- Reddit - http://code.reddit.com/wiki/help/whitehat
- Constant Contact - http://www.constantcontact.com/about-constant-contact/security/report-vulnerability.jsp
- 37signals - https://37signals.com/security-response
- Atlassian - https://confluence.atlassian.com/display/SUPPORT/How+to+Report+a+Security+Issue
- Tuenti - http://corporate.tuenti.com/en/dev/hall-of-fame
- Owncloud - http://owncloud.org/security/hall-of-fame/
- Acquia - https://www.acquia.com/how-report-security-issue
- IBM - http://www-03.ibm.com/security/secure-engineering/report.html
- Symantec - http://www.symantec.com/security/
- Salesforce - http://www.salesforce.com/company/privacy/security.jsp#vulnerability
- Cloudnetz - http://cloudnetz.com/Legal/vulnerability-testing-policy.html
- Puppet Labs - http://puppetlabs.com/blog/responsible-disclosure-of-security-vulnerabilities
- Oracle - http://oracle.com/technetwork/topics/security/securityfixlifecycle-086982.html
- VSR - http://www.vsecurity.com/company/disclosure
- Lookout - https://www.lookout.com/responsible-disclosure
- HTC - http://www.htc.com/us/terms/product-security/
- Scorpion Software - http://www.scorpionsoft.com/company/disclosurepolicy/
- Chargify - https://chargify.com/security/
If you notice something missing, or spot a bounty program which has ceased, please tweet to us or leave a comment below… We’ll update ASAP and credit you for your help!
We’ve decided to include all kinds of bounties - incentivised, hall of fame, swag, and “other” – because, regardless of your motivation and thoughts on disclosure incentives, each of them gives you an opportunity to legitimately do what you love to do… test new targets.
We’ve had a few people write in about their experiences, some good and some bad, with a few of the companies mentioned. Keep it coming! We haven’t figured out how to fairly integrate this data yet, but we plan to.
Source:
http://bugcrowd.com/
just let you know : http://crowdsec.6ix-it.com/