An open API service indexing awesome lists of open source software.

https://github.com/projectdiscovery/oss-bounty-program

The ProjectDiscovery OSS Bounty Program exists to democratize security by rewarding meaningful contributions from the global community.
https://github.com/projectdiscovery/oss-bounty-program

Last synced: 15 days ago
JSON representation

The ProjectDiscovery OSS Bounty Program exists to democratize security by rewarding meaningful contributions from the global community.

Awesome Lists containing this project

README

          

# ProjectDiscovery OSS Bounty Program

# Purpose

The ProjectDiscovery OSS Bounty Program exists to democratize security by rewarding meaningful contributions from the global community.

Our tools are used by researchers, defenders, and builders worldwide. This program ensures that anyone, anywhere, can contribute to improving ProjectDiscovery projects and be fairly recognized or rewarded for their work.

We aim to:

- Lower the barrier to participation in security research and development
- Incentivize high-impact open-source contributions
- Foster a transparent, fair, and collabrative community
- Improve the security ecosystem for everyone

# Scope

## In-Scope Projects

- The program applies to official ProjectDiscovery open-source repositories, including but not limited to:
- Nuclei
- Katana
- Subfinder
- Httpx
- Naabu
- ShuffleDNS
- DNSx
- TLSx
- Vulnx
- URLFinder
- any other repositories explicitly labeled as **bounty.**
- Projects must be publicly available
- Issues or tasks eligibile for bounties will be clearly labeled (e.g., `bounty`)

## Out-of-Scope Projects

- Third-party dependencies
- Forks or unofficial repositories

## Who Can Participate

- Anyone worldwide may participate
- Contributors must be legally able to receive rewards
- ProjectDiscovery employees and core maintainers may contribute but are not eligible for monetary rewards

The program is **open**, **inclusive**, **and** **global**.

## Eligible Contributions

Only work explicitly marked or approved qualifies.

Eligible:

- Bug fixes for confirmed issues
- Performance improvements
- Feature implementations (request by maintainers)
- Documentation or testing improvements with meaningful impact
- Tooling & infrastructure enhancements

Not Eligible:

- Unapproved or unsolicited features
- Duplicate submissions
- Trivial or low-quality changes
- Known or already-reported security issues
- Any unethical, fraudulent, or abusive behavior

## Reward Structure

Monetary Bounties

- Fixed or variable rewards depending on impact
- Amounts are disclosed upfront or clearly stated

Non-Monetary Rewards

- Public recognition (release notes)
- ProjectDiscovery swag

## How to Participate

1. Find a `bounty` labeled issue
2. Announce intent by commenting on the issue
3. Work in public, following contribution guidelines
4. **1 active issue** per contributor at a time
5. Complete within **2 weeks** of claiming
6. Submit a PR clearly linked to the issue
7. Address review feedback
8. Get merged
9. Claim reward via provided instructions

First complete, high-quality submission wins the bounty.

## Review & Evaluation

All submissions are reviewed by ProjectDiscovery maintainers.

Evaluation criteria:

- Correctness and completeness
- Code quality and tests
- Adherence to project standards
- Alignment with bounty scope

## Security & Responsible Disclosure

- Never disclose vulnerabilities publicly
- Report security issues privately via [security@projectdiscovery.io](mailto:security@projectdiscovery.io)
- Follow coordinated disclosure timeline
- No exploitation, data access, or service distruption

## Payments & Legal

- Payments are typically processed within a reasonable timeframe after approval
- Contributors are responsible for taxes and legal compliance
- Contributions are licensed under the project’s existing open-source license
- No employment or contractor relationship is created

## Code of Conduct

All participants must:

- Act ethically and respectfully
- Avoid harassment, spam, or manipulation
- Respect maintainers’ decisions
- Keep discussions transparent and public

Violations may result in disqualification or bans.

## Program Changes

ProjectDiscovery may modify or end the program at any time.

- Changes will be announced publicly
- In-progress accepted work will be honored whenever possible

## Contact

## Why This Matters

Security should be democratized.

This programs exists to:

- Democratize security; build a healthier, more accessible security ecosystem
- Empower independent researchers
- Reward real-world impact
- Strengthen open-source security tooling.

If you believe in open source security for everyone, we welcome you.

Happy Hacking!