Reward Program

• AT&T -http://developer.att.com/developer/apiDetailPage.jsp?passedItemId=10700235 -

(To submit you need to sign up to the free 
Developer API program)

• Avast! - http://www.avast.com/bug-bounty

• Barracuda - http://barracudalabs.com/

• Coinbase - https://coinbase.com/whitehat

• Chromium Project - http://www.chromium.org/

• CrowdShield - https://crowdshield.com/

• Cryptocat - https://crypto.cat/bughunt/

• Facebook - http://www.facebook.com/whitehat/

• Etsy - http://www.etsy.com/help/article/2463

• Gallery - http://codex.gallery2.org/Bounties

• Ghostscript -http://ghostscript.com/Bug_bounty_program.html(Mostly software development, occasional security issues)

• Google -http://www.google.com/about/company/rewardprogram.html

• Hex-Rays - http://www.hex-rays.com/bugbounty.shtml

• IntegraXor (SCADA) -http://www.integraxor.com/blog/integraxor-hmi-scada-bug-bounty-program

• LaunchKey - https://launchkey.com/docs/whitehat

• Marktplaats - http://statisch.marktplaats.nl/help/

• Mega.co.nz -http://thenextweb.com/insider/2013/02/01/kim-dotcom-puts-up-13500-bounty-for-first-person-to-break-megas-security-system/

• Meraki - http://www.meraki.com/trust/#srp

• Microsoft -http://www.microsoft.com/security/msrc/report

• Mozilla - http://www.mozilla.org/security/bug-bounty.html

• Paypal -https://www.paypal.com/us/webapps/mpp/security/reporting-security-issues

• PikaPay - https://www.pikapay.com/pikapay-security-policy/

• Piwik - http://piwik.org/security/

• Ricebridge - http://www.ricebridge.com/bugs.htm (Only available to customers)

• Ripple - https://ripple.com/bug-bounty/

• Samsung - https://samsungtvbounty.com/

• Simple - https://www.simple.com/policies/website-security/

• Tarsnap - https://www.tarsnap.com/bugbounty.html

• Qiwi - https://www.qiwi.ru/page/hack.action

• Qmail - http://cr.yp.to/djbdns/guarantee.html

• Yandex -http://company.yandex.com/security/index.xml

• Zerobrane -http://notebook.kulchenko.com/zerobrane/zerobrane-studio-bug-bounty

 

 

 

Product & Services (Hall Of Fame Only)

• Acquia - https://www.acquia.com/how-report-security-issue

• ActiveProspect -http://activeprospect.com/activeprospect-security/

• Adobe -http://www.adobe.com/support/security/alertus.html

• Amazon.com (retail) - please email details to security@amazon.com

• Android Free Apps -http://www.androidfreeapp.net/security-researcher-acknowledgments/

• Apple - http://support.apple.com/kb/HT1318

• Blackberry -http://us.blackberry.com/business/topics/security/incident-response-team/collaborations.html

• Braintree -https://www.braintreepayments.com/developers/disclosure

• Card - https://www.card.com/responsible-disclosure-policy

• cPaperless -http://www.cpaperless.com/securitystatement.aspx

• Chargify - https://chargify.com/security/

• DiMartino Entertainment -http://moosikay.dimartinoentertainment.com/site/credits/

• eBay - http://pages.ebay.com/securitycenter

• EVE - http://community.eveonline.com/devblog.asp?a=blog&nbid=2384

• Evernote - http://evernote.com/security/

• Foursquare - https://foursquare.com/about/security

• Freelancer - http://www.freelancer.com/info/vulnerability-submission.php

• Future Of Enforcement -http://futureofenforcement.com/?page_id=695

• Gitlab - http://blog.gitlab.com/responsible-disclosure-policy/

• Gliph - https://gli.ph/s/security.html

• HakSecurity - http://haksecurity.com/special-thanks/

• Harmony - http://get.harmonyapp.com/security/

• Heroku - https://www.heroku.com/policy/security-hall-of-fame

• Iconfinder -http://support.iconfinder.com/customer/portal/articles/1217282-responsible-disclosure-of-security-vulnerabilities

• Kaneva -http://docs.kaneva.com/mediawiki/index.php/Bug_Bounty

• Kayako - https://my.kayako.com/

• Lastpass - https://lastpass.com/support_security.php

• Mahara - https://wiki.mahara.org/index.php

• MailChimp - http://mailchimp.com/about/security-response/

• Microsoft (Online Services) -http://technet.microsoft.com/en-us/security/cc308589

• Netflix -http://support.netflix.com/en/node/6657#gsc.tab=0

• Nokia -http://www.nokia.com/global/security/acknowledgements/

• Nokia Siemens Networks -http://www.nokiasiemensnetworks.com/about-us/responsible-disclosure

• Norada - http://norada.com/crm-software/security_response

• Owncloud - http://owncloud.org/about/security/hall-of-fame/

• Opera - https://bugs.opera.com/wizarddesktop/

• Oracle - http://oracle.com/technetwork/topics/security

• Puppet Labs -https://puppetlabs.com/security/acknowledgments/

• RedHat -https://access.redhat.com/knowledge/articles/66234

• Risk.io - https://www.risk.io/security

• Security Net - http://www.securitynet.org/security-researcher-acknoledgments/

• Sellfy - https://sellfy.com/security/

• Spotify - https://www.spotify.com/us/about-us/contact/report-security-issues/

• Sprout Social - http://sproutsocial.com/responsible-disclosure-policy

• Telekom - http://www.telekom.com/corporate-responsibility/security/186450

• Thingomatic - http://thingomatic.org/security.html

• 37signals - https://37signals.com/security-response

• Tuenti - http://corporate.tuenti.com/en/dev/hall-of-fame

• Twilio - https://www.twilio.com/docs/security/disclosure

• Twitter - https://twitter.com/about/security

• WizeHive -http://www.wizehive.com/special_thanks.html

• Xmarks - https://buy.xmarks.com/security.php

• Zendesk -http://www.zendesk.com/company/responsible-disclosure-policy

• Zynga - http://company.zynga.com/security/whitehats

 

 

 

Product & Services (No Reward)

• Amazon Web Services (AWS) -http://aws.amazon.com/security/vulnerability-reporting

• Apriva - http://www.apriva.com/security

• Authy - https://www.authy.com/security-issue

• Blackboard - http://www.blackboard.com/footer/security-policy.aspx

• Box - https://www.box.com/about-us/security/

• Cisco -http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html#roosfassv

• Cloudnetz - http://cloudnetz.com/Legal/vulnerability-testing-policy.html

• Contant Contact -http://www.constantcontact.com/about-constant-contact/security/report-vulnerability.jsp

• Coupa - http://trust.coupa.com/home/security/coupa-vulnerability-reporting-policy

• Drupal - https://drupal.org/security-team

• EMC2 - http://www.emc.com/contact-us/contact/product-security-response-center.htm

• Emptrust - http://www.emptrust.com/Security.aspx

• Heroku - https://www.heroku.com/policy/security-hall-of-fame

• HTC - http://www.htc.com/us/terms/product-security/

• Huawei -http://www.huawei.com/en/security/psirt/report-vulnerabilities/index.htm

• IBM - http://www-03.ibm.com/security/secure-engineering/report.html

• KPN - http://www.kpn.com/Privacy.htm#tabcontent3

• Lievensberg Hospital -http://www.lievensbergziekenhuis.nl/paginas/141-disclaimer.html

• LinkedIn -http://help.linkedin.com/app/answers/detail/a_id/37022

• Lookout - https://www.lookout.com/responsible-disclosure

• Millsap Independent School District -http://www.millsapisd.net/BugReport.cfm

• Modus CSR -http://www.moduscsr.com/security_statement.php

• PagerDuty -http://www.pagerduty.com/security/disclosure/

• Panzura - http://panzura.com/support/panzura-security-policy/

• Pidgin - http://pidgin.im/security/

• Plone -http://plone.org/products/plone/security/advisories

• Pop Group -http://www.popgroupglobal.com/security.php

• Reddit - http://code.reddit.com/wiki/help/whitehat

• Relaso - http://relaso.com/disclosure

• Salesforce -http://www.salesforce.com/company/privacy/security.jsp#vulnerability

• Simplify - http://simplify-llc.com/simplify-security.html

• Skoodat - http://www.skoodat.com/security

• Scorpion Software -http://www.scorpionsoft.com/company/disclosurepolicy/

• Square - https://squareup.com/security/levels

• Symantec - http://www.symantec.com/security/

• Team Unify -http://www.teamunify.com/__corp__/security.php

• Tele2 -http://www.tele2.nl/klantenservice/veiligheid/tele2-en-veiligheid.html

• T-Mobile (Netherlands) - http://www.t-mobile.nl/Global/media/pdf/privacy_statement_juni_2012.pdf

• UPC -http://www.upc.nl/internet/veilig_internet/beveiligingsproblemen/

• Viadeo - http://www.viadeo.com/aide/security/

• Vodafone (Netherlands) -http://over.vodafone.nl/vodafone-nederland/privacy-veiligheid/beveiliging-en-bescherming/wat-doet-vodafone/meld-een-beveilig

• VSR - http://www.vsecurity.com/company/disclosure

• X.commerce - http://www.x.com/security

• Xen -http://www.xen.org/projects/security_vulnerability_process.html

• Ziggo -https://www.ziggo.nl/#klantenservice/internet/risicos-op-internet/meldpunt-beveiligingslekken