Below is a curated list of Active Bounty Programs by reputable companies
Read First : What is Bug Bounty Program ? Types, Tools and Skills
Intel’s bounty program mainly targets the company’s hardware, firmware, and software.
Limitations: It does not include recent acquisitions, the company’s web infrastructure, third-party products, or anything relating to McAfee.
Minimum Payout: Intel offers a minimum amount of $500 for finding bugs in their system.
Maximum Payout: The Company pays $30,000 maximum for detecting critical bugs.
Yahoo has its dedicated team that accepts vulnerability reports from security researchers and ethical hackers.
Limitations: The Company does not offer any reward for finding bugs in yahoo.net, Yahoo 7 Yahoo Japan, Onwander and Yahoo operated Word press blogs.
Minimum Payout: There is no set limit on Yahoo for minimum payout.
Maximum Payout: Yahoo can pay $15000 for detecting important bugs in their system.
Snapchat security team reviews all vulnerability reports and acts upon them by responsible disclosure. The company, we will acknowledge your submission within 30 days.
Minimum Payout: Snapchat will pay minimum $2000.
Maximum Payout: Maximum they will pay is $15,000.
Cisco encourages individuals or organization that are experiencing a product security issue to report them to the company.
Minimum Payout: Cisco’s minimum payout amount is $100.
Maximum Payout: Company will give maximum $2,500 to finding serious vulnerabilities.
Dropbox bounty program allows security researchers to report bugs and vulnerabilities on the third party service HackerOne.
Minimum Payout: The minimum amount paid is $12,167.
Maximum Payout: The maximum amount offered is $32,768.
When Apple first launched its bug bounty program it allowed just 24 security researchers. The framework then expanded to include more bug bounty hunters.
The company will pay $100,000 to those who can extract data protected by Apple’s Secure Enclave technology.
Minimum Payout: There is no limited amount fixed by Apple Inc.
Maximum payout: The highest bounty given by Apple is $200,000 for security issues affecting its firmware.
Bounty Link: https://support.apple.com/en-au/HT201220
Under Facebook’s bug bounty program users can report a security issue on Facebook, Instagram, Atlas, WhatsApp, etc.
Limitations: There are a few security issues that the social networking platform considers out-of-bounds.
Minimum Payout: Facebook will pay a minimum of $500 for a disclosed vulnerability.
Maximum Payout: There is no upper limit fixed by Facebook for the Payout.
Bounty Link: https://www.facebook.com/whitehat/
Every content in the .google.com, .blogger, youtube.com are open for Google’s vulnerability rewards program.
Limitations: This bounty program only covers design and implementation issues.
Minimum Payout: Google will pay minimum $300 for finding security threads.
Maximum Payout: Google will pay the highest bounty of $31.337 for normal Google applications.
Quora offers Bug Bounty program to all users and researchers to find and report security vulnerabilities.
Minimum Payout: Quora will pay minimum $100 for finding vulnerabilities on their site.
Maximum Payout: Maximum payout offered by this site is $7000.
Bounty Link: https://engineering.quora.com/Security-Bug-Bounty-Program
Mozilla rewards for vulnerability discoveries by ethical hackers and security researchers.
Limitations: The bounty is offered only for bugs in Mozilla services, such as Firefox, Thunderbird and other related applications and services.
Minimum Payout: Minium amount given by Firefox is $500.
Maximum Payout: The Company is paying a maximum of $5000.
Bounty Link: https://www.mozilla.org/en-US/security/bug-bounty/
Microsoft’s current bug bounty program was officially launched on 23rd September 2014 and deals only with Online Services.
Limitations: The bounty reward is only given for the critical and important vulnerabilities.
Minimum Payout: Microsoft ready to pay $15,000 for finding critical bugs.
Maximum Payout: Maximum amount can be $250,000.
OpenSSL bounty allows you to report vulnerabilities using secure email (PGP Key). You can also report vulnerabilities to the OpenSSL Management Committee.
Minimum Payout: The Company pays minimum bounty rewards of $500.
Maximum Payout: The highest amount given by the company is $5000.
Bounty Link: https://www.openssl.org/news/vulnerabilities.html
Vimeo welcomes any security vulnerability reporting in their products as the company pays good rewards to that person.
Minimum payout: The Company will pay minimum $500
Maximum Payout: The maximum amount paid by this company is $5000.
Bounty Link: https://vimeo.com/about/security
Apache encourages ethical hackers to report security vulnerabilities to one of their private security mailing lists.
Minimum payout: The minimum pay out amount given by Apache is $500.
Maximum Payout: This Company can maximum give a reward of $3000.
Bounty Link: https://www.apache.org/security/
Twitter allows security researchers and experts about possible security vulnerabilities in their services. The company encourages people to find bugs.
Minimum Payout: Twitter is paying minimum $140 amount.
Maximum Payout: Maximum amount pay by the company is $15000.
Bounty Link: https://support.twitter.com/articles/477159
Avast bounty program rewards ethical hackers and security researchers to report Remote code execution, Local privilege escalation, DOS, scanner bypass amongst other issues.
Minimum Payout: Avast can pay you the minimum amount of $400.
Maximum Payout: The maximum amount offered by the company is $10,000.
Bounty Link: https://www.avast.com/bug-bounty
Payment gateway service Paypal also offers bug bounty programs for security researchers.
Vulnerabilities dependent upon social engineering techniques, Host Header
Denial of service (DOS), User defined payload, Content spoofing without embedded links/HTM and Vulnerabilities which require a jailbroken mobile device, etc.
Minimum Payout: Paypal can pay minimum $50 for finding security vulnerabilities in their system.
Maximum Payout: Maximum payout amount given by Paypal is $10000.
Bounty Link: https://hackerone.com/paypal
GitHub’s runs bug bounty program since 2013. Every successful participant earned points for their vulnerability submissions depending on the severity.
Limitation: The security researcher will receive that bounty only if they respect users’ data and don’t exploit any issue to produce an attack that could harm the integrity of GitHub’s services or information.
Minimum Payout: Github pays a minimum amount of $200 for finding bugs.
Maximum Payout: Github can pay $10000 for finding critical bugs.
Bounty Link: https://bounty.github.com/
The vulnerability rewards program of Uber primarily focused on protecting the data of users and its employees.
Minimum Payout: There is no predetermined minimum amount.
Maximum Payout: Uber will pay you $10,000 for finding critical bug issues.
Bounty Link: https://eng.uber.com/bug-bounty-map/
Magneto bounty program allows you to report security vulnerabilities in Magneto software or websites.
Following security research is not eligible for the bounty
- Potential or actual denial of service of Magento applications and systems.
- Use of an exploit to view data without authorization.
- Automated/scripted testing of web forms
Minimum Payout: Minimum payout amount for this is bounty program is $100.
Maximum Payout: Magento is paying maximum $10,000 for finding critical bugs.
Bounty Link: https://magento.com/security
Perl is also running bug bounty programs. If someone found a security vulnerability in Perl, they can contact the company.
Minimum Payout: The Company pays a minimum amount of $500.
Maximum Payout: The highest amount given by Perl is $1500.
PHP allows ethical hackers to find a bug in their site.
Limitations: You need to check the list of already finding bugs. If you not follow this instruction your bug is not considered.
Maximum Payout: Minimum Payout amount is $500.
Minimum Payout: Maximum $1500 is given by PHP for searching important bugs.
Bounty Link: https://bugs.php.net/report.php?bug_type=Security
Starbucks runs bug Bounty program to protect their customers. They encourage to find malicious activity in their networks, web and mobile applications policies.
Minimum Payout: The minimum amount paid by Starbucks $100.
Maximum Payout: The maximum amount goes up to $4000.
Bounty Link: https://www.starbucks.com/whitehat
AT&T also has its bug hunting channel. Developers and security experts can research the various platforms like websites, APIs, and mobile applications.
Minimum Payout: Minimum Amount Paid by them is $500.
Maximum Payout: There is no such upper limit for payout.
Bounty Link: https://bugbounty.att.com/
The LinkedIn welcomes Individual researchers who contribute their expertise and time to find bugs.
The company will reward you, but neither minimum nor maximum amount is a fix for this purpose.
Paytm invites independent security groups or individual researchers to study it across all platforms
- Reports that state that software is out of date/vulnerable without a ‘Proof of Concept.’
- XSS issues that affect only outdated browsers.
- Stack traces that disclose information.
- Any fraud issues
Minimum Payout: The Company will pay minimum $15 for finding bugs.
Maximum Payout: This company does not fix the upper limit.
Bounty Link: https://paytm.com/offer/bug-bounty/
Shopify’s Whitehat program rewards security researchers for finding severe security vulnerabilities
Minimum Payout: The minimum amount paid by the Shopify is $500.
Maximum Payout: There is no fix upper limit for paying the bounty.
Bounty Link: https://www.shopify.in/whitehat
28) Word Press
WordPress also welcomes security researchers to report about the bugs that they have found.
Minimum Payout: WordPress Pays $150 minimum for reporting bugs on their site.
Maximum Payout: The Company does not fix a maximum limit to pay as bounty.
Zomato helps security researcher to identified security-related issues with company’s website or apps.
Minimum Payout: Zomato will pay minimum $1000 for finding important bugs.
Maximum Payout: There is no maximum fix amount.
Bounty Link: https://www.zomato.com/security
30) Tor Project
Tor Project’s bug bounty program covers two of its core services: its network daemon and browser.
Limitation: OpenSSL applications are excluded from this scope.
Minimum Payout: The minimum amount paid by them is $100.
Maximum Payout: The Company will pay you maximum $4000.
(No link available) Bounty Link: firstname.lastname@example.org
HackerOne is one of the biggest vulnerability coordination and bug bounty platform. It helps companies to protect their consumer data by working with the global research community for finding most relevant security issues. Many known companies like Yahoo, Shopify, PHP, Google, Snapchat, and Wink are taking the service of this website to give a reward to security researchers and ethical hackers.
Bounty Link: https://hackerone.com/bug-bounty-programs
A powerful platform connecting the global security researcher community to the security market. This site aims to provide right mix and type of researcher suited according to the specific website to their worldwide clients. The hackers just need to select their reports on this site, and if they can detect right bugs, the specific company will pay the amount to that person.
Bounty Link: https://www.bugcrowd.com/bug-bounty-list/
|airline bug bounty programs|
|amazon bug bounty|
|an empirical study of bug bounty programs|
|apple bug bounty programs|
|are bug bounty programs legal|
|aws bug bounty program|
|benefits of a bug bounty programs|
|benefits of bug bounty programs|
|best bug bounty programs|
|best bug bounty programs for beginners|
|best bug bounty programs reddit|
|best practices for bug bounty programs|
|best programs for bug bounty|
|better bug bounty programs|
|bounty programs bug bounties|
|bug bounty applications|
|bug bounty for software|
|bug bounty hunting programs|
|bug bounty program amazon|
|bug bounty program beginner|
|bug bounty program benefits|
|bug bounty program btc|
|bug bounty program bugcrowd|
|bug bounty program cash|
|bug bounty program certification|
|bug bounty program certification video|
|bug bounty program cisco|
|bug bounty program companies|
|bug bounty program cons|
|bug bounty program correct name|
|bug bounty program cost|
|bug bounty program course udemy|
|bug bounty program data|
|bug bounty program data breach|
|bug bounty program defined|
|bug bounty program definition|
|bug bounty program discord|
|bug bounty program dorks|
|bug bounty program earning|
|bug bounty program email|
|bug bounty program email address|
|bug bounty program employees|
|bug bounty program ethics|
|bug bounty program europe|
|bug bounty program examples|
|bug bounty program explanation|
|bug bounty program features|
|bug bounty program for companies|
|bug bounty program for dummies|
|bug bounty program game|
|bug bounty program git|
|bug bounty program govtech|
|bug bounty program guidelines|
|bug bounty program highest paid|
|bug bounty program hunters|
|bug bounty program in hindi|
|bug bounty program japan|
|bug bounty program la gi|
|bug bounty program line|
|bug bounty program linkedin|
|bug bounty program list 2020|
|bug bounty program malaysia|
|bug bounty program mastercard|
|bug bounty program money|
|bug bounty program on hackerone|
|bug bounty program open|
|bug bounty program payouts|
|bug bounty program paypal|
|bug bounty program paytm|
|bug bounty program platform|
|bug bounty program playstation|
|bug bounty program ps4|
|bug bounty program quora|
|bug bounty program rewards|
|bug bounty program risks|
|bug bounty program roblox|
|bug bounty program rockstar|
|bug bounty program tax|
|bug bounty program template|
|bug bounty program tesla|
|bug bounty program training|
|bug bounty program tutorial|
|bug bounty program twilio|
|bug bounty program upsc|
|bug bounty program use|
|bug bounty program vendors|
|bug bounty program website|
|bug bounty program what is it|
|bug bounty program whatsapp|
|bug bounty program winner|
|bug bounty program worth it|
|bug bounty program zoom|
|bug bounty programs|
|bug bounty programs 2020|
|bug bounty programs 2021|
|bug bounty programs apple|
|bug bounty programs average salary|
|bug bounty programs canada|
|bug bounty programs courses|
|bug bounty programs database|
|bug bounty programs def|
|bug bounty programs developers|
|bug bounty programs directory|
|bug bounty programs exploits|
|bug bounty programs facebook|
|bug bounty programs for beginners|
|bug bounty programs for cybersecurity practices issues and recommendations|
|bug bounty programs for iot|
|bug bounty programs github|
|bug bounty programs google|
|bug bounty programs hacker news|
|bug bounty programs hackerone|
|bug bounty programs how much money|
|bug bounty programs in india|
|bug bounty programs in kenya|
|bug bounty programs india|
|bug bounty programs jobs|
|bug bounty programs learn|
|bug bounty programs list|
|bug bounty programs list github|
|bug bounty programs make|
|bug bounty programs mean|
|bug bounty programs microsoft|
|bug bounty programs million|
|bug bounty programs offer|
|bug bounty programs paid|
|bug bounty programs pay|
|bug bounty programs pros and cons|
|bug bounty programs python|
|bug bounty programs que es|
|bug bounty programs recognition|
|bug bounty programs recon|
|bug bounty programs reddit|
|bug bounty programs research paper|
|bug bounty programs revenue|
|bug bounty programs rules|
|bug bounty programs salary|
|bug bounty programs south africa|
|bug bounty programs top companies|
|bug bounty programs uk|
|bug bounty programs what does it mean|
|bug bounty programs wiki|
|bug bounty programs youtube|
|bug bounty que es|
|bug bounty start|
|bug bounty vulnerability software|
|bugcrowd bounty programs|
|bugcrowd bug bounty programs|
|companies have bug bounty programs|
|companies using bug bounty programs|
|companies with bug bounty programs|
|cost of bug bounty programs|
|crowdsourced security vulnerability discovery modeling and organizing bug-bounty programs|
|current bug bounty programs|
|dangers of bug bounty programs|
|developers bug bounty programs|
|dod bug bounty programs|
|dollar bug bounty programs|
|dutch government bug bounty program list scope|
|easy bug bounty programs|
|essential component of such bug bounty programs|
|evaluate bug bounty programs|
|external bug bounty programs|
|find bug bounty programs|
|find private bug bounty programs|
|following companies have bug bounty programs|
|free bug bounty programs|
|github bug bounty programs|
|google bug bounty programs|
|government bug bounty programs|
|hackerone bug bounty program list|
|hackerone bug bounty programs|
|highest bug bounty programs|
|highest paid bug bounty program|
|highest paid bug bounty programs|
|highest paying bug bounty programs|
|history of bug bounty programs|
|how bug bounty program works|
|how do bug bounty programs make money|
|how does bug bounty programs work|
|how much does bug bounty programs make|
|how to choose a bug bounty program|
|how to earn money from bug bounty|
|how to find bug bounty|
|how to find bug bounty program|
|how to find bug bounty programs|
|how to make money bug bounty|
|how to start bug bounty program|
|importance of bug bounty programs|
|indian bug bounty program websites|
|indian bug bounty programs|
|integrity bug bounty programs|
|internal bug bounty programs|
|iot bug bounty programs|
|largest bug bounty programs|
|latest bug bounty programs|
|latest bug bounty programs 2020|
|latest bug bounty programs 2021|
|latest news bug bounty programs|
|launch bug bounty programs|
|list of all bug bounty programs|
|list of bug bounty programs|
|list of bug bounty programs github|
|microsoft bug bounty programs|
|netherlands bug bounty programs|
|new bug bounty programs|
|online bug bounty programs|
|open bug bounty programs|
|open source bug bounty programs|
|other bug bounty programs|
|paid bug bounty programs|
|pen testing bug bounty programs|
|private bug bounty programs|
|private vs public bug bounty programs|
|problems of bug bounty programs|
|pros and cons of bug bounty programs|
|public bug bounty programs|
|purpose of bug bounty programs|
|recon bug bounty programs|
|rewards for bug bounty programs|
|should the federal government have bug bounty programs|
|should the federal government have bug bounty programs why or why not|
|site bug bounty programs|
|small bug bounty programs|
|software bug bounty programs|
|startup bug bounty programs|
|synack bug bounty programs|
|the beginner’s’ guide to bug bounty programs|
|the beginner’s’ guide to bug bounty programs pdf|
|the rules of engagement for bug bounty programs|
|top bug bounty programs|
|types of bug bounty programs|
|use of bug bounty programs|
|what are bug bounty programs|
|what are the advantages of bug bounty programs over normal testing practices|
|what is a bug bounty programs|
|what is bug bounty programs|
|what is meant by bug bounty programs|
|when did bug bounty program began|
|where to find bug bounty programs|
|which among the following companies have bug bounty program mozilla|
|which among the following companies have bug bounty programs|
|which among the following companies have bug bounty programs course hero|
|which among the following companies have bug bounty programs facebook|
|which among the following companies have bug bounty programs microsoft|
|which companies have bug bounty programs|
|why bug bounty program|
|wide scope bug bounty programs|