Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/djadmin/awesome-bug-bounty
A comprehensive curated list of available Bug Bounty & Disclosure Programs and Write-ups.
https://github.com/djadmin/awesome-bug-bounty
List: awesome-bug-bounty
Last synced: about 2 months ago
JSON representation
A comprehensive curated list of available Bug Bounty & Disclosure Programs and Write-ups.
- Host: GitHub
- URL: https://github.com/djadmin/awesome-bug-bounty
- Owner: djadmin
- License: cc0-1.0
- Created: 2016-02-13T23:00:35.000Z (over 8 years ago)
- Default Branch: master
- Last Pushed: 2024-01-15T15:26:26.000Z (8 months ago)
- Last Synced: 2024-05-22T08:10:45.253Z (4 months ago)
- Homepage:
- Size: 190 KB
- Stars: 4,403
- Watchers: 289
- Forks: 899
- Open Issues: 13
-
Metadata Files:
- Readme: README.md
- Contributing: contributing.md
- License: LICENSE
- Code of conduct: code-of-conduct.md
Awesome Lists containing this project
- Hacking-Awesome - - List of Bug Bounty Programs and write-ups from the Bug Bounty hunters (Uncategorized / Uncategorized)
- awesome-rainmana - djadmin/awesome-bug-bounty - A comprehensive curated list of available Bug Bounty & Disclosure Programs and Write-ups. (Others)
- more-awesome - Bug Bounty Programs - Bug Bounty Programs and Security Write-ups. (Security)
- Awesome-Hacking - Bug Bounty - ups from the Bug Bounty hunters (Awesome Repositories)
- awesome-security-collection - **1845**ζ - ups. (<a id="8c5a692b5d26527ef346687e047c5c21"></a>ζΆι)
- ultimate-awesome - awesome-bug-bounty - A comprehensive curated list of available Bug Bounty & Disclosure Programs and Write-ups. (Other Lists / PowerShell Lists)
- awesome-hacking-lists - djadmin/awesome-bug-bounty - A comprehensive curated list of available Bug Bounty & Disclosure Programs and Write-ups. (Others)
- StarryDivineSky - djadmin/awesome-bug-bounty
- guia-ackercode - Programs and write-ups - Recursos para programas de bug bounty e write-ups. (π« Bug bounty)
- fucking-Awesome-Hacking - Bug Bounty - ups from the Bug Bounty hunters (Awesome Repositories)
README
# Awesome Bug Bounty [](https://github.com/sindresorhus/awesome)
A comprehensive curated list of Bug Bounty Programs and write-ups from the Bug Bounty hunters.
## Table of Contents
- [Getting Started](#getting-started)
- [Write Ups & Authors](#write-ups--authors)
- [Platforms](#platforms)
- [Available Programs](#available-programs)
- [Contribution guide](contributing.md)
### Getting Started
- [How to Become a Successful Bug Bounty Hunter](https://hackerone.com/blog/what-great-hackers-share)
- [Researcher Resources - How to become a Bug Bounty Hunter](https://forum.bugcrowd.com/t/researcher-resources-how-to-become-a-bug-bounty-hunter/1102)
- [Bug Bounties 101](https://whitton.io/articles/bug-bounties-101-getting-started/)
- [The life of a bug bounty hunter](http://www.alphr.com/features/378577/q-a-the-life-of-a-bug-bounty-hunter)
- [Awsome list of bugbounty cheatsheets](https://github.com/EdOverflow/bugbounty-cheatsheet)
- [Getting Started - Bug Bounty Hunter Methodology](https://www.bugcrowd.com/blog/getting-started-bug-bounty-hunter-methodology)
### Write Ups & Authors
- [sakurity.com/blog](http://sakurity.com/blog) - by [Egor Homakov](https://twitter.com/homakov)
- [respectxss.blogspot.in](http://respectxss.blogspot.in/) - by [Ashar Javed](https://twitter.com/soaj1664ashar)
- [labs.detectify.com](http://labs.detectify.com/) - by [Frans RosΓ©n](https://twitter.com/fransrosen)
- [cliffordtrigo.info](https://www.cliffordtrigo.info/) - by [Clifford Trigo](https://twitter.com/MrTrizaeron)
- [stephensclafani.com](http://stephensclafani.com/) - by [Stephen Sclafani](https://twitter.com/Stephen)
- [sasi2103.blogspot.co.il](http://sasi2103.blogspot.co.il/) - by [Sasi Levi](https://twitter.com/sasi2103)
- [pwnsecurity.net](http://www.pwnsecurity.net/) - by [Shashank](https://twitter.com/cyberboyIndia)
- [breaksec.com](https://www.breaksec.com/) - by [Nir Goldshlager](https://twitter.com/Nirgoldshlager)
- [pwndizzle.blogspot.in](http://pwndizzle.blogspot.in/) - by [Alex Davies](https://twitter.com/pwndizzle)
- [c0rni3sm.blogspot.in](http://c0rni3sm.blogspot.in/) - by [yappare](https://twitter.com/yappare)
- [exploit.co.il/blog](http://exploit.co.il/blog/) - by [Shai rod](https://twitter.com/NightRang3r)
- [ibreak.software](https://ibreak.software/) - by [Riyaz Ahemed Walikar](https://twitter.com/riyazwalikar)
- [panchocosil.blogspot.in](http://panchocosil.blogspot.in/) - by [Francisco Correa](https://twitter.com/@panchocosil)
- [breakingmesh.blogspot.in](http://breakingmesh.blogspot.in/) - by [Sahil Sehgal](https://twitter.com/xXSehgalXx)
- [websecresearch.com](http://www.websecresearch.com/) - by [ Ajay Singh Negi](https://twitter.com/ajaysinghnegi)
- [securitylearn.net](http://www.securitylearn.net/about/) - by [Satish Bommisetty](https://twitter.com/satishb3)
- [secinfinity.net](http://www.secinfinity.net/) - by Prakash Sharma
- [websecuritylog.com](http://www.websecuritylog.com/) - by [jitendra jaiswal](https://twitter.com/jeetjaiswal22)
- [medium.com/@ajdumanhug](https://medium.com/@ajdumanhug) - by [Allan Jay Dumanhug](https://www.twitter.com/ajdumanhug)
- [Web Hacking 101](https://leanpub.com/web-hacking-101) - by [Peter Yaworski](https://twitter.com/yaworsk)
### Platforms
- [YesWeHack](https://yeswehack.com/)
- [intigriti](https://intigriti.com/)
- [HackerOne](https://hackerone.com/)
- [Bugcrowd](https://bugcrowd.com/)
- [Cobalt](https://cobalt.io/)
- [Bountysource](https://www.bountysource.com/)
- [Bounty Factory](https://bountyfactory.io/)
- [Coder Bounty](http://www.coderbounty.com/)
- [FreedomSponsors](https://freedomsponsors.org/)
- [FOSS Factory](http://www.fossfactory.org/)
- [Synack](https://www.synack.com/)
- [HackenProof](https://hackenproof.com/)
- [Detectify](https://cs.detectify.com/)
- [Bugbountyjp](https://bugbounty.jp/)
- [Safehats](https://safehats.com/)
- [BugbountyHQ](https://www.bugbountyhq.com/)
- [Hackerhive](https://hackerhive.io/)
- [Hacktrophy](https://hacktrophy.com/)
- [AntiHACK](https://www.antihack.me/)
- [CESPPA](https://www.cesppa.com/)
### Available Programs
- [123Contact Form](http://www.123contactform.com/security-acknowledgements.htm)
- [99designs](https://hackerone.com/99designs)
- [Abacus](https://bugcrowd.com/abacus)
- [Acquia](mailto:[email protected])
- [ActiveCampaign](mailto:[email protected])
- [ActiveProspect](mailto:[email protected])
- [Adobe](https://hackerone.com/adobe)
- [AeroFS](mailto:[email protected])
- [Airbitz](https://cobalt.io/airbitz)
- [Airbnb](https://hackerone.com/airbnb)
- [Algolia](https://hackerone.com/algolia)
- [Altervista](http://en.altervista.org/feedback.php?who=feedback)
- [Altroconsumo](https://go.intigriti.com/altroconsumo)
- [Amara](mailto:[email protected])
- [Amazon Web Services](mailto:[email protected])
- [Amazon.com](mailto:[email protected])
- [ANCILE Solutions Inc.](https://bugcrowd.com/ancile)
- [Anghami](https://hackerone.com/anghami)
- [ANXBTC](https://cobalt.io/anxbtc)
- [Apache httpd](https://hackerone.com/ibb-apache)
- [Appcelerator](mailto:[email protected])
- [Apple](mailto:[email protected])
- [Apptentive](https://www.apptentive.com/contact)
- [Aptible](mailto:[email protected])
- [Ardour](http://tracker.ardour.org/my_view_page.php)
- [Arkane](https://go.intigriti.com/arkanenetwork)
- [ARM mbed](mailto:[email protected])
- [Asana](mailto:[email protected])
- [ASP4all](mailto:[email protected])
- [AT&T](https://bugbounty.att.com/bugform.php)
- [Atlassian](https://securitysd.atlassian.net/servicedesk/customer/portal/2)
- [Attack-Secure](mailto:[email protected])
- [Authy](mailto:[email protected])
- [Automattic](https://hackerone.com/automattic)
- [Avast!](mailto:[email protected])
- [Avira](mailto:[email protected])
- [AwardWallet](https://cobalt.io/awardwallet)
- [Badoo](https://corp.badoo.com/en/security/#send_bid)
- [Barracuda](https://bugcrowd.com/barracuda)
- [Base](https://go.intigriti.com/base)
- [Basecamp](mailto:[email protected])
- [Beanstalk](https://wildbit.wufoo.com/forms/wildbit-security-response)
- [BillGuard](https://cobalt.io/billguard)
- [Billys Billing](https://cobalt.io/billys-billing)
- [Binary.com](https://hackerone.com/binary)
- [Binary.com Cashier](https://hackerone.com/binary_cashier)
- [BitBandit.eu](https://cobalt.io/bitbandit-eu)
- [Bitcasa](mailto:[email protected])
- [BitCasino](https://cobalt.io/bitcasino)
- [BitGo](https://cobalt.io/bitgo)
- [BitHealth](https://cobalt.io/bithealth)
- [BitHunt](https://hackerone.com/bithunt)
- [BitMEX](https://cobalt.io/bitmex)
- [Bitoasis](https://cobalt.io/bitoasis)
- [Bitpagos](https://cobalt.io/bitpagos)
- [Bitrated](https://cobalt.io/bitrated)
- [Bitreserve](https://cobalt.io/bitreserve)
- [Bitspark](https://cobalt.io/bitspark)
- [Bitwage](https://cobalt.io/bitwage)
- [BitWall](mailto:[email protected])
- [BitYes](https://cobalt.io/bityes)
- [BlackBerry](https://global.blackberry.com/secure/report-an-issue/en.html)
- [Blackboard](mailto:[email protected])
- [Blackphone](https://bugcrowd.com/blackphone)
- [Blesta](mailto:[email protected])
- [Block.io](https://hackerone.com/blockio)
- [Block.io, Inc.](https://cobalt.io/block-io-inc)
- [Blockchain.info](https://cobalt.io/blockchain-info)
- [BlockScore](https://cobalt.io/blockscore)
- [Bookfresh](https://hackerone.com/bookfresh)
- [Box](mailto:[email protected])
- [Braintree](mailto:[email protected])
- [Brussels Airlines](https://go.intigriti.com/brusselsairlines)
- [BTC_sx](https://cobalt.io/btc-sx)
- [Buffer](mailto:[email protected])
- [BX.in.th](https://cobalt.io/bx-in-th)
- [C2FO](https://hackerone.com/c2fo)
- [Campaign Monitor](https://help.campaignmonitor.com/contact)
- [CARD.com](https://bugcrowd.com/card)
- [Catchafire](https://cobalt.io/catchafire)
- [Caviar](https://hackerone.com/caviar)
- [CCBill](mailto:[email protected])
- [CERT/CC](https://hackerone.com/cert)
- [Certly](https://hackerone.com/certly)
- [ChainPay](https://cobalt.io/chainpay)
- [ChangeTip](https://cobalt.io/changetip)
- [Chargify](https://bugcrowd.com/chargify)
- [Chromium Project](https://code.google.com/p/chromium/issues/entry?template=Security%20Bug)
- [Circle](https://cobalt.io/circle)
- [CircleCI](mailto:[email protected])
- [Cisco](http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html#roosfassv)
- [ClickUp](https://clickup.com/bug-bounty)
- [Clojars](mailto:[email protected])
- [CloudFlare](https://hackerone.com/cloudflare)
- [Cobalt](https://cobalt.io/cobalt)
- [Code Climate](mailto:[email protected])
- [CodeIgniter](https://hackerone.com/codeigniter)
- [CodePen](https://bugcrowd.com/codepen)
- [Coin Republic](https://cobalt.io/coin-republic)
- [Coin.Space](https://hackerone.com/coinspace)
- [Coinage](https://cobalt.io/coinage)
- [Coinbase](https://hackerone.com/coinbase)
- [CoinDaddy](https://cobalt.io/coindaddy)
- [Coinkite](mailto:[email protected]?subject=%5BVulnerability%5D%20-%20)
- [Coinport](https://cobalt.io/coinport)
- [coins.ph](https://cobalt.io/coins-ph)
- [Cointrader.net](https://cobalt.io/cointrader-net)
- [Coinvoy](https://cobalt.io/coinvoy)
- [Collishop](https://go.intigriti.com/collishop)
- [Colruyt](https://go.intigriti.com/colruyt)
- [Compose](mailto:[email protected])
- [concrete5](https://hackerone.com/concrete5)
- [Constant Contact](mailto:[email protected])
- [Counterparty](https://cobalt.io/counterparty)
- [Coupa](mailto:[email protected])
- [Coursera](https://hackerone.com/coursera)
- [cPanel](mailto:[email protected])
- [cPaperless](mailto:[email protected])
- [Crix.io](https://cobalt.io/crixio)
- [Cross Border Fines](https://go.intigriti.com/crossborderfines)
- [CrowdShield](https://crowdshield.com/bug-bounty-list.php?bug_bounty_program=crowdshield)
- [Cryptocat](https://github.com/cryptocat/cryptocat/issues)
- [Cupcake](mailto:[email protected])
- [CustomerInsight](mailto:[email protected])
- [Cylance](https://hackerone.com/cylance)
- [Dato Capital](mailto:security%40datocapital.com)
- [Detectify](mailto:[email protected])
- [De Volkskrant](https://go.intigriti.com/devolkskrant)
- [Delen Private Bank](https://go.intigriti.com/delen)
- [DigitalOcean](mailto:[email protected])
- [DigitalSellz](https://hackerone.com/digitalsellz)
- [Django](https://hackerone.com/django)
- [Doorkeeper](mailto:[email protected])
- [DoSomething](https://cobalt.io/dosomething)
- [DPD](mailto:[email protected])
- [Dragon King](https://hackenproof.com/neverdie/dragon-king)
- [Dreambaby](https://go.intigriti.com/dreamland)
- [Dreamland](https://go.intigriti.com/dream)
- [Dropbox](https://hackerone.com/dropbox)
- [Dropbox Acquisitions](https://hackerone.com/dropbox-acquisitions)
- [Drupal](https://www.drupal.org/node/101494)
- [eBay](http://pages.ebay.com/securitycenter/Researchers.html)
- [Eclipse](mailto:[email protected])
- [eHealth Hub VZN KUL](https://go.intigriti.com/ehealthhubvznkul)
- [EMC](mailto:[email protected])
- [Enano](mailto:[email protected])
- [Engine Yard](mailto:[email protected])
- [Envoy](https://hackerone.com/envoy)
- [Eobot](https://cobalt.io/eobot)
- [EthnoHub](mailto:[email protected])
- [Etsy](https://www.etsy.com/bounty)
- [EVE](mailto:[email protected])
- [Event Espresso](http://eventespresso.com/report-a-security-vulnerability)
- [Everitoken](https://hackenproof.com/everitoken/everitoken-blockchain)
- [Evernote](mailto:[email protected])
- [EURid](https://go.intigriti.com/eurid)
- [Expatistan](mailto:[email protected])
- [ExpressionEngine](https://hackerone.com/expressionengine)
- [Ezbob](https://cobalt.io/ezbob)
- [Facebook](https://www.facebook.com/whitehat)
- [Faceless](https://hackerone.com/faceless)
- [Factlink](https://hackerone.com/factlink)
- [FanFootage](https://hackerone.com/fanfootage)
- [FastSlots](https://cobalt.io/fastslots)
- [Flash](https://hackerone.com/flash)
- [Flood](mailto:[email protected])
- [Flow Dock](mailto:[email protected])
- [Flox](https://hackerone.com/flox)
- [Fluxiom](mailto:[email protected])
- [Fog Creek](http://www.fogcreek.com/contact)
- [FormAssembly](mailto:[email protected])
- [Founder Bliss](https://cobalt.io/founder-bliss)
- [Foursquare](mailto:[email protected])
- [Freelancer](mailto:[email protected])
- [Gallery](mailto:[email protected])
- [Gamma](mailto:[email protected])
- [Gemfury](mailto:[email protected])
- [General Motors](https://hackerone.com/gm)
- [GhostMail](https://hackerone.com/gmguys)
- [GitHub](https://bounty.github.com/submit-a-vulnerability.html)
- [GitLab](https://hackerone.com/gitlab)
- [GlassWire](https://hackerone.com/glasswire)
- [Gliph](mailto:[email protected])
- [GlobaLeaks](https://hackerone.com/globaleaks)
- [Google PRP](mailto:[email protected])
- [Google VRP](https://www.google.com/about/appsecurity/reward-program/index.html)
- [Grammarly](https://hackerone.com/grammarly)
- [Gratipay](https://hackerone.com/gratipay)
- [GreenAddress](https://cobalt.io/greenaddress)
- [Greenhouse.io](https://hackerone.com/greenhouse)
- [Grok Learning](mailto:[email protected])
- [HackenProof](https://hackenproof.com/hacken/hackenproof)
- [HackerOne](https://hackerone.com/security)
- [Harmony](mailto:[email protected])
- [Heroku](https://bugcrowd.com/heroku)
- [Hex-Rays](mailto:[email protected])
- [Hive Wallet](https://cobalt.io/hive-wallet)
- [Hootsuite](mailto:[email protected])
- [HTC](mailto:[email protected])
- [Huawei](mailto:[email protected])
- [Hubdia](https://hackerone.com/hubdia)
- [Humble Bundle](https://bugcrowd.com/humblebundle)
- [IAM KU Leuven](https://go.intigriti.com/kuleuvenlogin)
- [Ian Dunn](https://hackerone.com/iandunn-projects)
- [IBM](https://www.ibm.com/scripts/contact/contact/us/en/security_vulnerabilities)
- [ICEcoder](https://bugcrowd.com/icecoder)
- [Iconfinder](mailto:[email protected])
- [Ifixit](mailto:[email protected])
- [Imgur](https://hackerone.com/imgur)
- [ImpressPages](https://cobalt.io/impresspages)
- [Indeed](https://bugcrowd.com/indeed)
- [Independent Reserve](https://cobalt.io/independent-reserve)
- [Informatica](https://hackerone.com/informatica)
- [IntegraXor](http://www.integraxor.com/support.html)
- [Internetwache](mailto:[email protected])
- [InVision](https://hackerone.com/invision)
- [IRCCloud](https://hackerone.com/irccloud)
- [itBit Exchange](https://hackerone.com/itbit)
- [ITRP](mailto:[email protected])
- [itsme](https://go.intigriti.com/itsme)
- [joola.io](https://hackerone.com/joola-io)
- [Joomla](http://vel.joomla.org/submit-vel)
- [JRuby](mailto:[email protected])
- [jsDelivr](https://hackerone.com/jsdelivr)
- [Juniper](mailto:[email protected])
- [Kadira](https://hackerone.com/kadira)
- [Kaneva](mailto:[email protected])
- [Kayako](http://my.kayako.com/Tickets/Submit)
- [Kenna](https://bugcrowd.com/riskio)
- [Keybase](https://hackerone.com/keybase)
- [Khan Academy](https://hackerone.com/khanacademy)
- [SKB Kontur](https://kontur.ru/.well-known/security.txt)
- [Kraken](mailto:[email protected])
- [Kinepolis](https://go.intigriti.com/kinepolis)
- [Kuna](https://hackenproof.com/kuna/kuna-crypto-exchange)
- [Lancor Income](https://cobalt.io/lancor-income)
- [LastPass](mailto:[email protected])
- [LaunchKey](mailto:[email protected])
- [Lean Testing](https://hackerone.com/leantesting)
- [Librato](mailto:[email protected])
- [LibSass](https://hackerone.com/libsass)
- [Liferay](mailto:[email protected])
- [Line](https://bugbounty.linecorp.com/en/)
- [LinkedIn](mailto:[email protected])
- [LiveEnsure](http://www.liveensure.com/contact.php)
- [LocalBitcoins](https://cobalt.io/localbitcoins)
- [Localize](https://hackerone.com/localize)
- [Logentries](mailto:[email protected])
- [Lookout](mailto:[email protected])
- [Magento](mailto:[email protected])
- [MAGIX](mailto:[email protected])
- [Mahara](mailto:[email protected])
- [MaiCoin](https://cobalt.io/maicoin)
- [Mail.Ru](https://hackerone.com/mailru)
- [Mailbird](https://cobalt.io/mailbird)
- [MailChimp](http://mailchimp.com/about/security-response/)
- [ManageBGL](https://cobalt.io/managebgl)
- [ManageWP](mailto:[email protected])
- [MapLogin](https://hackerone.com/maplogin)
- [Marietje Schaake](https://go.intigriti.com/marietjeschaake)
- [Marktplatts](https://hackerone.com/marktplaats)
- [Mavenlink](https://hackerone.com/mavenlink)
- [Maximum](https://hackerone.com/maximum)
- [MCProHosting](https://bugcrowd.com/mcprohostings)
- [MEGA](mailto:[email protected])
- [Mercury](https://cobalt.io/mercury)
- [Meteor](https://hackerone.com/meteor)
- [meXBT](https://cobalt.io/mexbt)
- [Microsoft](mailto:[email protected])
- [Mimecast](mailto:[email protected])
- [Mobile Vikings](https://go.intigriti.com/mobilevikings)
- [Mobile Vikings](https://hackerone.com/mobilevikings)
- [Modus CSR](mailto:[email protected])
- [MoneyBird](mailto:[email protected])
- [MoneyStream](https://hackerone.com/moneystream)
- [Moodle](mailto:[email protected])
- [Motorola Solutions](mailto:[email protected])
- [Mozilla](https://www.mozilla.org/en-US/security/bug-bounty/)
- [mynxt.info](https://cobalt.io/mynxt-info)
- [NCSC](mailto:[email protected])
- [Nearby Live](https://hackerone.com/nearby)
- [Nest](mailto:[email protected])
- [Netflix](mailto:[email protected])
- [Neverdie Smart Contract](https://hackenproof.com/neverdie/neverdie-smart-contract)
- [Neverdie Web](https://hackenproof.com/neverdie/neverdie-web)
- [Nexmo](https://cobalt.io/nexmo)
- [Nexuzhealth](https://go.intigriti.com/nexushealth)
- [Nexuzhealth Web PACS](https://go.intigriti.com/nexuzhealthwebpacs)
- [Nginx](https://hackerone.com/ibb-nginx)
- [Nitrous](mailto:[email protected])
- [Nokia Networks](mailto:[email protected])
- [NoPass](https://cobalt.io/nopass)
- [NZRS](mailto:[email protected])
- [Offensive Security](mailto:[email protected])
- [ok.ru](https://hackerone.com/ok)
- [OKCoin](https://cobalt.io/okcoin)
- [OkCupid](https://hackerone.com/okcupid)
- [Olark](mailto:[email protected])
- [OneSpan Mobile](https://go.intigriti.com/vascomobileproducts)
- [OneSpan Server Products](https://go.intigriti.com/vascoserver-sideproducts)
- [Opal Cryptocurrency](https://cobalt.io/opal-cryptocurrency)
- [Openfolio](https://hackerone.com/openfolio)
- [OpenSSL](https://hackerone.com/ibb-openssl)
- [OpenStack](https://security.openstack.org/#how-to-report-security-issues-to-openstack)
- [OpenText](mailto:[email protected])
- [Opera](https://bugs.opera.com/wizarddesktop)
- [Optimizely](https://cobalt.io/optimizely)
- [Oracle](mailto:[email protected])
- [ownCloud](https://hackerone.com/owncloud)
- [PagerDuty](mailto:[email protected])
- [Panasonic Avionics](https://hackerone.com/panasonic-aero)
- [Pantheon](https://bugcrowd.com/pantheon)
- [Panzura](mailto:[email protected])
- [Paragon Initiative Enterprises](https://hackerone.com/paragonie)
- [Paychoice](mailto:[email protected])
- [PayMill](mailto:[email protected])
- [PayPal](mailto:https://www.paypal.com/bugbounty/register)
- [Paytm](https://bugbounty.paytm.com)
- [Perl](https://hackerone.com/ibb-perl)
- [Phabricator](https://hackerone.com/phabricator)
- [PHP](https://bugs.php.net/report.php)
- [Pidgin](mailto:[email protected])
- [PikaPay](mailto:[email protected])
- [PinoyHackNews](mailto:[email protected])
- [Pinterest](https://bugcrowd.com/pinterest)
- [Piwik Open Source Analytics](https://cobalt.io/piwik-open-source-analytics)
- [Plone](mailto:[email protected])
- [Pocket](mailto:[email protected])
- [Poloniex](https://cobalt.io/poloniex)
- [Postmark](https://wildbit.wufoo.com/forms/wildbit-security-response)
- [Prezi](mailto:[email protected])
- [Projectplace](https://hackerone.com/projectplace)
- [PullReview](mailto:[email protected])
- [Puppet labs](mailto:[email protected])
- [PureVPN](https://bugcrowd.com/purevpn)
- [Python](mailto:[email protected])
- [QIWI](https://hackerone.com/qiwi)
- [Quadriga CX](https://cobalt.io/quadriga-cx)
- [QuickBT](https://cobalt.io/quickbt)
- [Quora](https://hackerone.com/quora)
- [Rackspace](mailto:[email protected])
- [Rdbhost_service](https://cobalt.io/rdbhost-service)
- [Red Hat](mailto:[email protected])
- [Reddit](mailto:[email protected])
- [Relaso](mailto:[email protected])
- [RelateIQ](mailto:[email protected])
- [Release Wire](http://www.releasewire.com/about/contact)
- [Respondly](https://hackerone.com/respondly)
- [Revive Adserver](https://hackerone.com/revive_adserver)
- [Ribose](https://www.ribose.com/feedbacks/security)
- [Ripio](https://cobalt.io/ripio)
- [Ripple](mailto:[email protected])
- [Riskalyze](mailto:[email protected])
- [Romit](https://hackerone.com/romit)
- [Ruby](mailto:[email protected])
- [Ruby on Rails](https://hackerone.com/rails)
- [Salesforce](mailto:[email protected])
- [Samsung TV](https://samsungtvbounty.com/ReportBug.aspx)
- [Sandbox Escape](https://hackerone.com/sandbox)
- [SAP](mailto:[email protected])
- [Schuberg Philis](mailto:[email protected])
- [Scorpion Software](mailto:[email protected])
- [Secret](https://hackerone.com/secret)
- [Secure Works](mailto:[email protected])
- [Sellfy](http://docs.sellfy.com/contact)
- [Sentiance](https://go.intigriti.com/sentiance)
- [ServiceRocket](https://bugcrowd.com/servicerocket)
- [ShareLaTeX](mailto:[email protected])
- [Sherpany](https://cobalt.io/sherpany)
- [Shopify](https://hackerone.com/shopify)
- [Sifter](mailto:[email protected]?subject=%27Security%20Vulnerability%20Report%27)
- [Silent Circle](https://bugcrowd.com/silentcircle)
- [Simple](https://bugcrowd.com/simple)
- [SiteGround](mailto:[email protected])
- [Skoodat](mailto:[email protected])
- [Skrill](https://cobalt.io/skrill)
- [Skyscanner](https://bugcrowd.com/skyscanner)
- [Slack](https://hackerone.com/slack)
- [Snapchat](https://hackerone.com/snapchat)
- [Snappy](mailto:[email protected])
- [Sonatype](mailto:[email protected])
- [Sony](https://secure.sony.net/form)
- [SoundCloud](https://scsecurity.freshdesk.com/support/tickets/new)
- [Spaargids](https://go.intigriti.com/spaargids)
- [SpectroCoin](https://cobalt.io/spectrocoin)
- [Spendbitcoins](https://cobalt.io/spendbitcoins)
- [SplashID](https://bugcrowd.com/splashid)
- [Splitwise](mailto:[email protected])
- [Spotify](mailto:[email protected])
- [Sprout Social](mailto:[email protected])
- [Square](https://hackerone.com/square)
- [Square Open Source](https://hackerone.com/square-open-source)
- [StatusPage](https://bugcrowd.com/sunrise)
- [StopTheHacker](https://hackerone.com/stopthehacker)
- [Student Assessment System](https://go.intigriti.com/printscan)
- [Studio 100](https://go.intigriti.com/studio100)
- [Subledger](https://cobalt.io/subledger)
- [Subrosa](https://cobalt.io/subrosa)
- [Sucuri](https://hackerone.com/sucuri)
- [Suivo](https://go.intigriti.com/suivoweb)
- [Symantec](mailto:[email protected])
- [Taptalk](https://hackerone.com/taptalk)
- [Tarsnap](mailto:[email protected])
- [TeamUnify](mailto:[email protected])
- [Tele2](mailto:[email protected])
- [Telekom](mailto:[email protected]?subject=bug_bounty)
- [Telenet](https://go.intigriti.com/telenet)
- [Test-Aankoop](https://go.intigriti.com/testaankoop)
- [The Internet](https://hackerone.com/internet)
- [The Mastercoin Foundation](https://cobalt.io/the-mastercoin-foundation)
- [ThisData](https://hackerone.com/thisdata)
- [TimeTrex](https://cobalt.io/timetrex)
- [ToyTalk](https://hackerone.com/toytalk)
- [Trello](https://hackerone.com/trello)
- [Tuenti](http://corporate.tuenti.com/en/contact/security)
- [Tweakers](https://go.intigriti.com/tweakers)
- [Twilio](https://bugcrowd.com/twilio)
- [Twitch](mailto:[email protected])
- [Twitter](https://hackerone.com/twitter)
- [Uber](mailto:[email protected])
- [Ubiquiti Networks](https://hackerone.com/ubnt)
- [Unitag](mailto:[email protected])
- [Urban Dictionary](https://hackerone.com/urbandictionary)
- [Uzbey](https://hackerone.com/uzbey)
- [Valve Software](mailto:[email protected])
- [VeChainThor](https://hackenproof.com/vechain/vechainthor)
- [VeChainThor Wallet](https://hackenproof.com/vechain/vechainthor-wallet)
- [VCE](mailto:[email protected])
- [Venmo](mailto:[email protected])
- [Version Cake](https://hackerone.com/versioncake)
- [Viadeo](mailto:[email protected])
- [Vimeo](https://hackerone.com/vimeo)
- [VK.com](https://hackerone.com/vkcom)
- [Volusion](https://bugcrowd.com/volusion)
- [VPNSox](https://cobalt.io/vpnsox)
- [vulners.com](https://hackerone.com/vulnerscom)
- [Vultr](https://www.vultr.com/bug-bounty/)
- [Webconverger](mailto:[email protected])
- [Websecurify](http://campaigns.websecurify.com/money-for-bugs/#contact)
- [Weebly](https://cobalt.io/weebly)
- [WePay](https://hackerone.com/wepay)
- [Whisper](https://hackerone.com/whisper)
- [WHMCS](https://bugcrowd.com/whmcs)
- [Windthorst ISD](http://www.windthorstisd.net/BugReport.cfm)
- [withinsecurity](https://hackerone.com/withinsecurity)
- [WizeHive](mailto:[email protected])
- [Woorank](https://go.intigriti.com/woorank)
- [WordPoints](https://hackerone.com/wordpoints)
- [Wordware](https://cobalt.io/wordware)
- [WP API](https://hackerone.com/wp-api)
- [Xen Project](mailto:[email protected])
- [Xmarks](mailto:[email protected])
- [Yahoo](https://hackerone.com/yahoo)
- [Yandex](https://yandex.com/bugbounty/report)
- [Yanomo](mailto:[email protected])
- [Yesware](mailto:[email protected])
- [Zapier](mailto:[email protected])
- [Zaption](https://hackerone.com/zaption)
- [ZenCash](mailto:[email protected])
- [Zendesk](https://hackerone.com/zendesk)
- [Zetetic](mailto:[email protected])
- [Ziggo](mailto:[email protected])
- [Zimbra](mailto:[email protected])
- [Zoho](https://bugbounty.zoho.com/bb/info)
- [Zomato](https://hackerone.com/zomato)
- [Zopim](https://hackerone.com/zopim)
- [Zynga](mailto:[email protected])
## Aggregators
- [BountyHQ](https://bountyhq.secapps.com/)
## License
[](https://creativecommons.org/publicdomain/zero/1.0/)
To the extent possible under law, [Dheeraj Joshi](https://github.com/djadmin) has waived all copyright and related or neighboring rights to this work.