Skip to content Skip to footer
Top

Bounty Hunter Programs

Below is a curated list of Bounty Programs by reputable companies

  1. Intel
    1. Intel’s bounty program mainly targets the company’s hardware, firmware, and software.
    2. Limitations: It does not include recent acquisitions, the company’s web infrastructure, third-party products, or anything relating to McAfee.
    3. Minimum Payout: Intel offers a minimum of $500 to find bugs in their system.
    4. Maximum Payout: The Company pays a maximum of $30,000 for detecting critical bugs.
    5. Bounty Link: https://security-center.intel.com/BugBountyProgram.aspx
  2. Yahoo
    1. Yahoo has a dedicated team that accepts vulnerability reports from security researchers and ethical hackers.
    2. Limitations: The Company does not offer a reward for finding bugs in Yahoo.net, Yahoo 7, Yahoo Japan, Onwander, or Yahoo-operated WordPress blogs.
    3. Minimum Payout: There is no set limit on Yahoo for minimum payout.
    4. Maximum Payout: Yahoo can pay $ 15,000 to detect critical bugs in its system.
    5. Bounty Link:https://safety.yahoo.com/Security/REPORTING-ISSUES.html
  3. Snapchat
    1. Snapchat security team reviews all vulnerability reports and acts upon them by responsible disclosure. The company will acknowledge your submission within 30 days.
    2. Minimum Payout: Snapchat will pay a minimum of $2000.
    3. Maximum Payout: The maximum they will pay is $15,000.
    4. Bounty Link:https://support.snapchat.com/en-US/i-need-help
  4. Cisco
    1. Cisco encourages individuals or organizations experiencing a product security issue to report them to the company.
    2. Minimum Payout: Cisco’s minimum payout amount is $100.
    3. Maximum Payout: The company will give a maximum of $2,500 to find serious vulnerabilities.
    4. Bounty Link: https://tools.cisco.com/security/center/resources/security_vulnerability_policy.html
  5. Dropbox
    1. Dropbox bounty program allows security researchers to report bugs and vulnerabilities in the third-party service HackerOne.
    2. Minimum Payout: The minimum amount paid is $12,167.
    3. Maximum Payout: The maximum amount offered is $32,768.
    4. Bounty Link: https://help.dropbox.com/accounts-billing/security/how-security-works
  6. Apple
    1. When Apple launched its bug bounty program, it allowed only 24 security researchers to participate. The framework then expanded to include more bug bounty hunters.
    2. The company will pay $100,000 to those who can extract data protected by Apple’s Secure Enclave technology.
    3. Minimum Payout: Apple Inc. has no limited amount fixed.
    4. Maximum payout: Apple’s highest bounty is $200,000 for security issues affecting its firmware.
    5. Bounty Link: https://support.apple.com/en-in/HT201220
  7. Facebook
    1. Under Facebook’s bug bounty program, users can report security issues on Facebook, Instagram, Atlas, WhatsApp, etc.
    2. Limitations: The social networking platform considers a few security issues out-of-bound.
    3. Minimum Payout: Facebook will pay a minimum of $500 for a disclosed vulnerability.
    4. Maximum Payout: Facebook has no upper limit for Payouts.
    5. Bounty Link: https://www.facebook.com/whitehat/
  8. Google
    1. Every content on .google.com, .blogger, and youtube.com is open to Google’s vulnerability rewards program.
    2. Limitations: This bounty program only covers design and implementation issues.
    3. Minimum Payout: Google will pay a minimum of $300 to find security threads.
    4. Maximum Payout: Google will pay the highest bounty of $31.337 for everyday Google applications.
    5. Bounty Link: https://www.google.com/about/appsecurity/reward-program/
  9. Quora
    1. Quora offers a Bug Bounty program to all users and researchers to find and report security vulnerabilities.
    2. Minimum Payout: Quora will pay a minimum of $100 to find vulnerabilities on its site.
    3. Maximum Payout: The maximum payout offered by this site is $7000.
    4. Bounty Link: https://engineering.quora.com/Security-Bug-Bounty-Program
  10. Mozilla
    1. Mozilla rewards vulnerability discoveries by ethical hackers and security researchers.
    2. Limitations: The bounty is offered only for bugs in Mozilla services, such as Firefox, Thunderbird, and other related applications and services.
    3. Minimum Payout: The minimum amount given by Firefox is $500.
    4. Maximum Payout: The Company is paying a maximum of $5000.
    5. Bounty Link: https://www.mozilla.org/en-US/security/bug-bounty/
  11. Microsoft
    1. Microsoft’s current bug bounty program was officially launched on 23rd September 2014 and deals only with Online Services.
    2. Limitations: The bounty reward is only given for critical vulnerabilities.
    3. Minimum Payout: Microsoft is ready to pay $15,000 for finding critical bugs.
    4. Maximum Payout: The maximum amount can be $250,000.
    5. Bounty Link: https://technet.microsoft.com/en-us/library/dn425036.aspx
  12. OpenSSL
    1. OpenSSL bounty allows you to report vulnerabilities using secure email (PGP Key) and to the OpenSSL Management Committee.
    2. Minimum Payout: The Company pays minimum bounty rewards of $500.
    3. Maximum Payout: The highest amount given by the company is $5000.
    4. Bounty Link: https://www.openssl.org/news/vulnerabilities.html
  13. Vimeo
    1. Vimeo welcomes any security vulnerability reporting on its products as the company pays good rewards to that person.
    2. Minimum payout: The Company will pay a minimum of $500
    3. Maximum Payout: The maximum amount paid by this company is $5000.
    4. Bounty Link: https://vimeo.com/about/security
  14. Apache
    1. Apache encourages ethical hackers to report security vulnerabilities to one of their private security mailing lists.
    2. Minimum payout: Apache gives the minimum payout amount of $500.
    3. Maximum Payout: This Company can give a reward of $3000.
    4. Bounty Link: https://www.apache.org/security/
  15. Twitter
    1. Twitter informs security researchers and experts about possible security vulnerabilities in its services and encourages people to find bugs.
    2. Minimum Payout: Twitter is paying a minimum of $140.
    3. Maximum Payout: The maximum amount paid by the company is $ 15,000.
    4. Bounty Link: https://support.twitter.com/articles/477159
  16. Avast
    1. Avast bounty program rewards ethical hackers and security researchers for reporting Remote code execution, Local privilege escalation, DOS, and scanner bypass, amongst other issues.
    2. Minimum Payout: Avast can pay you the minimum amount of $400.
    3. Maximum Payout: The maximum amount offered by the company is $10,000.
    4. Bounty Link: https://www.avast.com/bug-bounty
  17. Paypal
    1. Payment gateway service Paypal also offers bug bounty programs for security researchers.
    2. Limitations:
      1. Vulnerabilities dependent upon social engineering techniques, Host Header
      2. Denial of service (DOS), user-defined payload, content spoofing without embedded links/HTM, vulnerabilities that require a jailbroken mobile device, etc.
    3. Minimum Payout: PayPal can pay a minimum of $50 for finding security vulnerabilities in their system.
    4. Maximum Payout: The maximum payout amount given by Paypal is $10000.
    5. Bounty Link: https://hackerone.com/paypal
  18. GitHub
    1. GitHub has run a bug bounty program since 2013. Every successful participant earned points depending on the severity of their vulnerability submissions.
    2. Limitation:
      1. The security researcher will receive that bounty only if they respect users’ data and don’t exploit any issue to produce an attack that could harm the integrity of GitHub’s services or information.
    3. Minimum Payout: Github pays a minimum of $200 to find bugs.
    4. Maximum Payout: Github can pay $10000 for finding critical bugs.
    5. Bounty Link: https://bounty.github.com/
  19. Uber
    1. Uber’s vulnerability rewards program primarily protects users’ and employees’ data.
    2. Minimum Payout: There is no predetermined minimum amount.
    3. Maximum Payout: Uber will pay you $10,000 for finding critical bug issues.
    4. Bounty Link: https://eng.uber.com/bug-bounty-map/
  20. Magento
    1. Magneto bounty program allows you to report security vulnerabilities in Magneto software or websites.
    2. Limitations:
      1. Following security, research is not eligible for the bounty.
        1. Potential or actual denial of service of Magento applications and systems.
        2. Use of an exploit to view data without authorization.
        3. Automated/scripted testing of web forms
    3. Minimum Payout: The minimum payout amount for this bounty program is $100.
    4. Maximum Payout: Magento is paying a maximum of $10,000 to find critical bugs.
    5. Bounty Link: https://magento.com/security
  21. Perl
    1. Perl also runs bug bounty programs. If someone finds a security vulnerability in Perl, they can contact the company.
    2. Minimum Payout: The Company pays a minimum amount of $500.
    3. Maximum Payout: The highest amount given by Perl is $1500.
    4. Bounty Link: http://perldoc.perl.org/perlsec.html#SECURITY-VULNERABILITY-CONTACT-INFORMATION
  22. PHP
    1. PHP allows ethical hackers to find a bug in their site.
    2. Limitations: You need to check the bugs that have already been found. Follow this instruction to ensure your bug is considered.
    3. Minimum Payout: The minimum Payout amount is $500.
    4. Maximum Payout: PHP gives a maximum of $1500 to search for essential bugs.
    5. Bounty Link: https://bugs.php.net/report.php?bug_type=Security
  23. Starbucks
    1. Starbucks runs a bug Bounty program to protect its customers. They encourage malicious activity in their networks and web and mobile application policies.
    2. Minimum Payout: The minimum amount paid by Starbucks is $100.
    3. Maximum Payout: The maximum amount goes up to $4000.
    4. Bounty Link: https://www.starbucks.com/whitehat
  24. AT&T
    1. AT&T also has a bug-hunting channel. Developers and security experts can research various platforms like websites, APIs, and mobile applications.
    2. Minimum Payout: The minimum Amount Paid by them is $500.
    3. Maximum Payout: There is no such upper limit for payout.
    4. Bounty Link: https://bugbounty.att.com/
  25. LinkedIn
    1. LinkedIn welcomes Individual researchers who contribute their expertise and time to find bugs.
    2. The company will reward you, but neither minimum nor maximum amount is a fix for this purpose.
    3. Bounty Link: https://security.linkedin.com/posts/2015/private-bug-bounty-program
  26. Paytm
    1. Paytm invites independent security groups or individual researchers to study it across all platforms.
    2. Limitations:
      1. Reports state that software is outdated/vulnerable without a ‘Proof of Concept.’
      2. XSS issues that affect only outdated browsers.
      3. Stack traces that disclose information.
      4. Any fraud issues
    3. Minimum Payout: The Company will pay a minimum of $15 for finding bugs.
    4. Maximum Payout: This company has not fixed the upper limit.
    5. Bounty Link: https://paytm.com/offer/bug-bounty/
  27. Shopify
    1. Shopify’s Whitehat program rewards security researchers for finding severe security vulnerabilities.
    2. Minimum Payout: Shopify’s minimum payment is $500.
    3. Maximum Payout: There is no fixed upper limit for paying the bounty.
    4. Bounty Link: https://www.shopify.in/whitehat
  28. WordPress
    1. WordPress also welcomes security researchers to report the bugs they have found.
    2. Minimum Payout: WordPress Pays $150 minimum for reporting bugs on their site.
    3. Maximum Payout: The Company does not fix a maximum limit for paying as a bounty.
    4. Bounty Link: https://make.wordpress.org/core/handbook/testing/reporting-bugs/
  29. Zomato
    1. Zomato helps security researchers to identify security-related issues with the company’s website or apps.
    2. Minimum Payout: Zomato will pay a minimum of $1000 to find essential bugs.
    3. Maximum Payout: There is no maximum fixed amount.
    4. Bounty Link: https://www.zomato.com/policies/security/
  30. Tor Project
    1. Tor Project’s bug bounty program covers two core services: its network daemon and browser.
    2. Limitation: OpenSSL applications are excluded from this scope.
    3. Minimum Payout: The minimum amount paid by them is $100.
    4. Maximum Payout: The Company will pay you a maximum of $4000.
    5. (No link available) Bounty Link: security@lists.torproject.org
  31. HackerOne
    1. HackerOne is one of the most significant vulnerability coordination and bug bounty platforms. It helps companies protect their consumer data by working with the global research community to find the most relevant security issues. Many companies, such as Yahoo, Shopify, PHP, Google, Snapchat, and Wink, use this website to reward security researchers and ethical hackers.
    2. Bounty Link: https://hackerone.com/bug-bounty-programs
  32. Bugcrowd
    1. This site is a powerful platform connecting the global security researcher community to the security market. It aims to provide its worldwide clients with the right mix and type of researcher suited to the specific website. The hackers just need to select their reports on this site, and if they can detect the right bugs, the specific company will pay that person the amount.
    2. Bounty Link: https://www.bugcrowd.com/bug-bounty-list/
Newsletter Signup
Address

The Grid —
The Matrix Has Me
Big Bear Lake, CA 92315

01010011 01111001 01110011 01110100 01100101 01101101 00100000
01000110 01100001 01101001 01101100 01110101 01110010 01100101

Kid, don't threaten me. There are worse things than death, and uh, I can do all of them.The Plague

Deitasoft © 2024. All Rights Reserved.