Bug Bounty Web List 2020

Bug Bounty

What is the Bug Bounty Program?

Bug Bounty program provides recognition and compensation to security researchers practicing responsible disclosure. Company started Bug Bounty programs for improve their security, Cyber security researchers are finding vulnerabilities on top websites and get rewarded.

Here are following Bug Bounty Web List.

Reward Programs

  • AT&T – http://developer.att.com/developer/apiDetailPage.jsp?passedItemId=10700235
    (To submit you need to sign up to the free Developer API program)
  • Airtable – https://staging.airtable.com/security#responsible-disclosure
  • Algolia – https://hackerone.com/algolia
  • Alibaba – https://security.alibaba.com
  • Avast! – http://www.avast.com/bug-bounty
  • Barracuda – http://barracudalabs.com/
  • Badoo – http://corp.badoo.com/security
  • Brave – brave.com , mail to [email protected]
  • Coinbase – https://coinbase.com/whitehat
  • Chromium Project – http://www.chromium.org/
  • CrowdShield – https://crowdshield.com/
  • Cryptocat – https://crypto.cat/bughunt/
  • Facebook – http://www.facebook.com/whitehat/
  • Etsy – http://www.etsy.com/help/article/2463
  • Gallery – http://codex.gallery2.org/Bounties
  • Ghostscript – http://ghostscript.com/Bug_bounty_program.html (Mostly software development, occasional security issues)
  • Google – http://www.google.com/about/company/rewardprogram.html
  • Hex-Rays – http://www.hex-rays.com/bugbounty.shtml
  • IntegraXor (SCADA) – http://www.integraxor.com/blog/integraxor-hmi-scada-bug-bounty-program
  • LaunchKey – https://launchkey.com/docs/whitehat
  • LiveAgent – https://www.ladesk.com/bug-bounty-program/
  • Marktplaats – http://statisch.marktplaats.nl/help/
  • Mega.co.nz – http://thenextweb.com/insider/2013/02/01/kim-dotcom-puts-up-13500-bounty-for-first-person-to-break-megas-security-system/
  • Meraki – http://www.meraki.com/trust/#srp
  • Microsoft – http://www.microsoft.com/security/msrc/report
  • Monet- https://monet.network/
  • Mozilla – http://www.mozilla.org/security/bug-bounty.html
  • Paypal – https://www.paypal.com/us/webapps/mpp/security/reporting-security-issues
  • PikaPay – https://www.pikapay.com/pikapay-security-policy/
  • Piwik – http://piwik.org/security/
  • Post Affiliate Pro – https://www.postaffiliatepro.com/post-affiliate-pro-bug-bounty-program
  • Recargapay – recargapay.com.br Mail to [email protected]
  • Ricebridge – http://www.ricebridge.com/bugs.htm (Only available to customers)
  • Ripple – https://ripple.com/bug-bounty/
  • Samsung – https://samsungtvbounty.com/
  • Simple – https://www.simple.com/policies/website-security/
  • Tarsnap – https://www.tarsnap.com/bugbounty.html
  • Qiwi – https://www.qiwi.ru/page/hack.action
  • Qmail – http://cr.yp.to/djbdns/guarantee.html
  • Yandex – http://company.yandex.com/security/index.xml
  • Zerobrane – http://notebook.kulchenko.com/zerobrane/zerobrane-studio-bug-bounty

Product and Services (Hall Of Fame Only)

  • Acquia – https://www.acquia.com/how-report-security-issue
  • ActiveProspect – http://activeprospect.com/activeprospect-security/
  • Adobe – http://www.adobe.com/support/security/alertus.html
  • Amazon.com (retail) – please email details to [email protected]on.com
  • Android Free Apps – http://www.androidfreeapp.net/security-researcher-acknowledgments/
  • Apple – http://support.apple.com/kb/HT1318
  • Blackberry – http://us.blackberry.com/business/topics/security/incident-response-team/collaborations.html
  • Braintree – https://www.braintreepayments.com/developers/disclosure
  • Card – https://www.card.com/responsible-disclosure-policy
  • cPaperless – http://www.cpaperless.com/securitystatement.aspx
  • Chargify – https://chargify.com/security/
  • DiMartino Entertainment – http://moosikay.dimartinoentertainment.com/site/credits/
  • eBay – http://pages.ebay.com/securitycenter
  • EVE – http://community.eveonline.com/devblog.asp?a=blog&nbid=2384
  • Evernote – http://evernote.com/security/
  • Foursquare – https://foursquare.com/about/security
  • Freelancer – http://www.freelancer.com/info/vulnerability-submission.php
  • Future Of Enforcement – http://futureofenforcement.com/?page_id=695
  • Gitlab – http://blog.gitlab.com/responsible-disclosure-policy/
  • Gliph – https://gli.ph/s/security.html
  • HakSecurity – http://haksecurity.com/special-thanks/
  • Harmony – http://get.harmonyapp.com/security/
  • Heroku – https://www.heroku.com/policy/security-hall-of-fame
  • Iconfinder – http://support.iconfinder.com/customer/portal/articles/1217282-responsible-disclosure-of-security-vulnerabilities
  • Kaneva – http://docs.kaneva.com/mediawiki/index.php/Bug_Bounty
  • Kayako – https://my.kayako.com/
  • Lastpass – https://lastpass.com/support_security.php
  • Mahara – https://wiki.mahara.org/index.php
  • MailChimp – http://mailchimp.com/about/security-response/
  • Microsoft (Online Services) – http://technet.microsoft.com/en-us/security/cc308589
  • Netflix – http://support.netflix.com/en/node/6657#gsc.tab=0
  • Nokia – http://www.nokia.com/global/security/acknowledgements/
  • Nokia Siemens Networks – http://www.nokiasiemensnetworks.com/about-us/responsible-disclosure
  • Norada – http://norada.com/crm-software/security_response
  • Owncloud – http://owncloud.org/about/security/hall-of-fame/
  • Opera – https://bugs.opera.com/wizarddesktop/
  • Oracle – http://:oracle.com/technetwork/topics/security
  • Puppet Labs – https://puppetlabs.com/security/acknowledgments/
  • RedHat – https://access.redhat.com/knowledge/articles/66234
  • Risk.io – https://www.risk.io/security
  • Security Net – http://www.securitynet.org/security-researcher-acknoledgments/
  • Sellfy – https://sellfy.com/security/
  • Spotify – https://www.spotify.com/us/about-us/contact/report-security-issues/
  • Sprout Social – http://sproutsocial.com/responsible-disclosure-policy
  • Telekom – http://www.telekom.com/corporate-responsibility/security/186450
  • Thingomatic – http://thingomatic.org/security.html
  • 37signals – https://37signals.com/security-response
  • Tuenti – http://corporate.tuenti.com/en/dev/hall-of-fame
  • Twilio – https://www.twilio.com/docs/security/disclosure
  • Twitter – https://twitter.com/about/security
  • WizeHive – http://www.wizehive.com/special_thanks.html
  • Xmarks – https://buy.xmarks.com/security.php
  • Zendesk – http://www.zendesk.com/company/responsible-disclosure-policy
  • Zynga – http://company.zynga.com/security/whitehats

Product & Services (No Reward)

  • Amazon Web Services (AWS) – http://aws.amazon.com/security/vulnerability-reporting
  • Apriva – http://www.apriva.com/security
  • Authy – https://www.authy.com/security-issue
  • Blackboard – http://www.blackboard.com/footer/security-policy.aspx
  • Box – https://www.box.com/about-us/security/
  • Cisco – http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
  • Cloudnetz – http://cloudnetz.com/Legal/vulnerability-testing-policy.html
  • Contant Contact – http://www.constantcontact.com/about-constant-contact/security/report-vulnerability.jsp
  • Coupa – http://trust.coupa.com/home/security/coupa-vulnerability-reporting-policy
  • Drupal – https://drupal.org/security-team
  • EMC2 – http://www.emc.com/contact-us/contact/product-security-response-center.htm
  • Emptrust – http://www.emptrust.com/Security.aspx
  • Heroku – https://www.heroku.com/policy/security-hall-of-fame
  • HTC – http://www.htc.com/us/terms/product-security/
  • Huawei – http://www.huawei.com/en/security/psirt/report-vulnerabilities/index.htm
  • IBM – http://www-03.ibm.com/security/secure-engineering/report.html
  • KPN – http://www.kpn.com/Privacy.htm#tabcontent3
  • Lievensberg Hospital – http://www.lievensbergziekenhuis.nl/paginas/141-disclaimer.html
  • LinkedIn – http://help.linkedin.com/app/answers/detail/a_id/37022
  • Lookout – https://www.lookout.com/responsible-disclosure
  • Millsap Independent School District – http://www.millsapisd.net/BugReport.cfm
  • Modus CSR – http://www.moduscsr.com/security_statement.php
  • PagerDuty – http://www.pagerduty.com/security/disclosure/
  • Panzura – http://panzura.com/support/panzura-security-policy/
  • Pidgin – http://pidgin.im/security/
  • Plone – http://plone.org/products/plone/security/advisories
  • Pop Group – http://www.popgroupglobal.com/security.php
  • Reddit – http://code.reddit.com/wiki/help/whitehat
  • Relaso – http://relaso.com/disclosure
  • Salesforce – http://www.salesforce.com/company/privacy/security.jsp#vulnerability
  • Simplify – http://simplify-llc.com/simplify-security.html
  • Skoodat – http://www.skoodat.com/security
  • Scorpion Software – http://www.scorpionsoft.com/company/disclosurepolicy/
  • Square – https://squareup.com/security/levels
  • Symantec – http://www.symantec.com/security/
  • Team Unify – http://www.teamunify.com/__corp__/security.php
  • Tele2 – http://www.tele2.nl/klantenservice/veiligheid/tele2-en-veiligheid.html
  • T-Mobile (Netherlands) – http://www.t-mobile.nl/Global/media/pdf/privacy_statement_juni_2012.pdf
  • UPC – http://www.upc.nl/internet/veilig_internet/beveiligingsproblemen/
  • Viadeo – http://www.viadeo.com/aide/security/
  • Vodafone (Netherlands) – http://over.vodafone.nl/vodafone-nederland/privacy-veiligheid/beveiliging-en-bescherming/wat-doet-vodafone/meld-een-beveilig
  • VSR – http://www.vsecurity.com/company/disclosure
  • X.commerce – http://www.x.com/security
  • Xen – http://www.xen.org/projects/security_vulnerability_process.html
  • Ziggo – https://www.ziggo.nl/#klantenservice/internet/risicos-op-internet/meldpunt-beveiligingslekken
For the latest update about Cyber and Infosec World, follow us on Twitter, Facebook, Telegram , Instagram and subscribe to our YouTube Channel.

Subscribe to HackersOnlineClub via Email

Enter your Email address to receive notifications of Latest Posts by Email | Join over Million Followers