Bug Bounty Programs List (2021)

Below is a curated list of Active Bounty Programs by reputable companies

Read First : What is Bug Bounty Program ? Types, Tools and Skills

1) Intel

Contents

Intel’s bounty program mainly targets the company’s hardware, firmware, and software.

Limitations: It does not include recent acquisitions, the company’s web infrastructure, third-party products, or anything relating to McAfee.

Minimum Payout: Intel offers a minimum amount of $500 for finding bugs in their system.

Maximum Payout: The Company pays $30,000 maximum for detecting critical bugs.

Bounty Link: https://security-center.intel.com/BugBountyProgram.aspx

2) Yahoo

Yahoo has its dedicated team that accepts vulnerability reports from security researchers and ethical hackers.

Limitations: The Company does not offer any reward for finding bugs in yahoo.net, Yahoo 7 Yahoo Japan, Onwander and Yahoo operated Word press blogs.

Minimum Payout: There is no set limit on Yahoo for minimum payout.

Maximum Payout: Yahoo can pay $15000 for detecting important bugs in their system.

Bounty Link:https://safety.yahoo.com/Security/REPORTING-ISSUES.html

3) Snapchat

Snapchat security team reviews all vulnerability reports and acts upon them by responsible disclosure. The company, we will acknowledge your submission within 30 days.

Minimum Payout: Snapchat will pay minimum $2000.

Maximum Payout: Maximum they will pay is $15,000.

Bounty Link:https://support.snapchat.com/en-US/i-need-help

4) Cisco

Cisco encourages individuals or organization that are experiencing a product security issue to report them to the company.

Minimum Payout: Cisco’s minimum payout amount is $100.

Maximum Payout: Company will give maximum $2,500 to finding serious vulnerabilities.

Bounty Link: https://tools.cisco.com/security/center/resources/security_vulnerability_policy.html

5) Dropbox

Dropbox bounty program allows security researchers to report bugs and vulnerabilities on the third party service HackerOne.

Minimum Payout: The minimum amount paid is $12,167.

Maximum Payout: The maximum amount offered is $32,768.

Bounty Link: https://help.dropbox.com/accounts-billing/security/how-security-works

6) Apple

When Apple first launched its bug bounty program it allowed just 24 security researchers. The framework then expanded to include more bug bounty hunters.

The company will pay $100,000 to those who can extract data protected by Apple’s Secure Enclave technology.

Minimum Payout: There is no limited amount fixed by Apple Inc.

Maximum payout: The highest bounty given by Apple is $200,000 for security issues affecting its firmware.

Bounty Link: https://support.apple.com/en-au/HT201220

7) Facebook

Under Facebook’s bug bounty program users can report a security issue on Facebook, Instagram, Atlas, WhatsApp, etc.

Limitations: There are a few security issues that the social networking platform considers out-of-bounds.

Minimum Payout: Facebook will pay a minimum of $500 for a disclosed vulnerability.

Maximum Payout: There is no upper limit fixed by Facebook for the Payout.

Bounty Link: https://www.facebook.com/whitehat/

8) Google

Every content in the .google.com, .blogger, youtube.com are open for Google’s vulnerability rewards program.

Limitations: This bounty program only covers design and implementation issues.

Minimum Payout: Google will pay minimum $300 for finding security threads.

Maximum Payout: Google will pay the highest bounty of $31.337 for normal Google applications.

Bounty Link: https://www.google.com/about/appsecurity/reward-program/

9) Quora

Quora offers Bug Bounty program to all users and researchers to find and report security vulnerabilities.

Minimum Payout: Quora will pay minimum $100 for finding vulnerabilities on their site.

Maximum Payout: Maximum payout offered by this site is $7000.

Bounty Link: https://engineering.quora.com/Security-Bug-Bounty-Program

10) Mozilla

Mozilla rewards for vulnerability discoveries by ethical hackers and security researchers.

Limitations: The bounty is offered only for bugs in Mozilla services, such as Firefox, Thunderbird and other related applications and services.

Minimum Payout: Minium amount given by Firefox is $500.

Maximum Payout: The Company is paying a maximum of $5000.

Bounty Link: https://www.mozilla.org/en-US/security/bug-bounty/

11) Microsoft

Microsoft’s current bug bounty program was officially launched on 23rd September 2014 and deals only with Online Services.

Limitations: The bounty reward is only given for the critical and important vulnerabilities.

Minimum Payout: Microsoft ready to pay $15,000 for finding critical bugs.

Maximum Payout: Maximum amount can be $250,000.

Bounty Link: https://technet.microsoft.com/en-us/library/dn425036.aspx

12) OpenSSL

OpenSSL bounty allows you to report vulnerabilities using secure email (PGP Key). You can also report vulnerabilities to the OpenSSL Management Committee.

Minimum Payout: The Company pays minimum bounty rewards of $500.

Maximum Payout: The highest amount given by the company is $5000.

Bounty Link: https://www.openssl.org/news/vulnerabilities.html

13) Vimeo

Vimeo welcomes any security vulnerability reporting in their products as the company pays good rewards to that person.

Minimum payout: The Company will pay minimum $500

Maximum Payout: The maximum amount paid by this company is $5000.

Bounty Link: https://vimeo.com/about/security

14) Apache

Apache encourages ethical hackers to report security vulnerabilities to one of their private security mailing lists.

Minimum payout: The minimum pay out amount given by Apache is $500.

Maximum Payout: This Company can maximum give a reward of $3000.

Bounty Link: https://www.apache.org/security/

15) Twitter

Twitter allows security researchers and experts about possible security vulnerabilities in their services. The company encourages people to find bugs.

Minimum Payout: Twitter is paying minimum $140 amount.

Maximum Payout: Maximum amount pay by the company is $15000.

Bounty Link: https://support.twitter.com/articles/477159

16) Avast

Avast bounty program rewards ethical hackers and security researchers to report Remote code execution, Local privilege escalation, DOS, scanner bypass amongst other issues.

Minimum Payout: Avast can pay you the minimum amount of $400.

Maximum Payout: The maximum amount offered by the company is $10,000.

Bounty Link: https://www.avast.com/bug-bounty

17) Paypal

Payment gateway service Paypal also offers bug bounty programs for security researchers.

Limitations:

Vulnerabilities dependent upon social engineering techniques, Host Header

Denial of service (DOS), User defined payload, Content spoofing without embedded links/HTM and Vulnerabilities which require a jailbroken mobile device, etc.

Minimum Payout: Paypal can pay minimum $50 for finding security vulnerabilities in their system.

Maximum Payout: Maximum payout amount given by Paypal is $10000.

Bounty Link: https://hackerone.com/paypal

18) GitHub

GitHub’s runs bug bounty program since 2013. Every successful participant earned points for their vulnerability submissions depending on the severity.

Limitation: The security researcher will receive that bounty only if they respect users’ data and don’t exploit any issue to produce an attack that could harm the integrity of GitHub’s services or information.

Minimum Payout: Github pays a minimum amount of $200 for finding bugs.

Maximum Payout: Github can pay $10000 for finding critical bugs.

Bounty Link: https://bounty.github.com/

19) Uber

The vulnerability rewards program of Uber primarily focused on protecting the data of users and its employees.

Minimum Payout: There is no predetermined minimum amount.

Maximum Payout: Uber will pay you $10,000 for finding critical bug issues.

Bounty Link: https://eng.uber.com/bug-bounty-map/

20) Magento

Magneto bounty program allows you to report security vulnerabilities in Magneto software or websites.

Limitations:

Following security research is not eligible for the bounty

Potential or actual denial of service of Magento applications and systems.
Use of an exploit to view data without authorization.
Automated/scripted testing of web forms

Minimum Payout: Minimum payout amount for this is bounty program is $100.

Maximum Payout: Magento is paying maximum $10,000 for finding critical bugs.

Bounty Link: https://magento.com/security

21) Perl

Perl is also running bug bounty programs. If someone found a security vulnerability in Perl, they can contact the company.

Minimum Payout: The Company pays a minimum amount of $500.

Maximum Payout: The highest amount given by Perl is $1500.

Bounty Link: http://perldoc.perl.org/perlsec.html#SECURITY-VULNERABILITY-CONTACT-INFORMATION

22) PHP

PHP allows ethical hackers to find a bug in their site.

Limitations: You need to check the list of already finding bugs. If you not follow this instruction your bug is not considered.

Maximum Payout: Minimum Payout amount is $500.

Minimum Payout: Maximum $1500 is given by PHP for searching important bugs.

Bounty Link: https://bugs.php.net/report.php?bug_type=Security

23) Starbucks

Starbucks runs bug Bounty program to protect their customers. They encourage to find malicious activity in their networks, web and mobile applications policies.

Minimum Payout: The minimum amount paid by Starbucks $100.

Maximum Payout: The maximum amount goes up to $4000.

Bounty Link: https://www.starbucks.com/whitehat

24) AT&T

AT&T also has its bug hunting channel. Developers and security experts can research the various platforms like websites, APIs, and mobile applications.

Minimum Payout: Minimum Amount Paid by them is $500.

Maximum Payout: There is no such upper limit for payout.

Bounty Link: https://bugbounty.att.com/

25) LinkedIn

The LinkedIn welcomes Individual researchers who contribute their expertise and time to find bugs.

The company will reward you, but neither minimum nor maximum amount is a fix for this purpose.

Bounty Link: https://security.linkedin.com/posts/2015/private-bug-bounty-program

26) Paytm

Paytm invites independent security groups or individual researchers to study it across all platforms

Limitations:

Reports that state that software is out of date/vulnerable without a ‘Proof of Concept.’
XSS issues that affect only outdated browsers.
Stack traces that disclose information.
Any fraud issues

Minimum Payout: The Company will pay minimum $15 for finding bugs.

Maximum Payout: This company does not fix the upper limit.

Bounty Link: https://paytm.com/offer/bug-bounty/

27) Shopify

Shopify’s Whitehat program rewards security researchers for finding severe security vulnerabilities

Minimum Payout: The minimum amount paid by the Shopify is $500.

Maximum Payout: There is no fix upper limit for paying the bounty.

Bounty Link: https://www.shopify.in/whitehat

28) Word Press

WordPress also welcomes security researchers to report about the bugs that they have found.

Minimum Payout: WordPress Pays $150 minimum for reporting bugs on their site.

Maximum Payout: The Company does not fix a maximum limit to pay as bounty.

Bounty Link: https://make.wordpress.org/core/handbook/testing/reporting-bugs/

29) Zomato

Zomato helps security researcher to identified security-related issues with company’s website or apps.

Minimum Payout: Zomato will pay minimum $1000 for finding important bugs.

Maximum Payout: There is no maximum fix amount.

Bounty Link: https://www.zomato.com/security

30) Tor Project

Tor Project’s bug bounty program covers two of its core services: its network daemon and browser.

Limitation: OpenSSL applications are excluded from this scope.

Minimum Payout: The minimum amount paid by them is $100.

Maximum Payout: The Company will pay you maximum $4000.

(No link available) Bounty Link: security@lists.torproject.org

31) Hackerone

HackerOne is one of the biggest vulnerability coordination and bug bounty platform. It helps companies to protect their consumer data by working with the global research community for finding most relevant security issues. Many known companies like Yahoo, Shopify, PHP, Google, Snapchat, and Wink are taking the service of this website to give a reward to security researchers and ethical hackers.

Bounty Link: https://hackerone.com/bug-bounty-programs

32) Bugcrowd

A powerful platform connecting the global security researcher community to the security market. This site aims to provide right mix and type of researcher suited according to the specific website to their worldwide clients. The hackers just need to select their reports on this site, and if they can detect right bugs, the specific company will pay the amount to that person.

Bounty Link: https://www.bugcrowd.com/bug-bounty-list/

airline bug bounty programs

amazon bug bounty

an empirical study of bug bounty programs

apple bug bounty programs

are bug bounty programs legal

aws bug bounty program

benefits of a bug bounty programs

benefits of bug bounty programs

best bug bounty programs

best bug bounty programs for beginners

best bug bounty programs reddit

best practices for bug bounty programs

best programs for bug bounty

better bug bounty programs

bounty programs bug bounties

bug bounty applications

bug bounty for software

bug bounty hunting programs

bug bounty program amazon

bug bounty program beginner

bug bounty program benefits

bug bounty program btc

bug bounty program bugcrowd

bug bounty program cash

bug bounty program certification

bug bounty program certification video

bug bounty program cisco

bug bounty program companies

bug bounty program cons

bug bounty program correct name

bug bounty program cost

bug bounty program course udemy

bug bounty program data

bug bounty program data breach

bug bounty program defined

bug bounty program definition

bug bounty program discord

bug bounty program dorks

bug bounty program earning

bug bounty program email

bug bounty program email address

bug bounty program employees

bug bounty program ethics

bug bounty program europe

bug bounty program examples

bug bounty program explanation

bug bounty program features

bug bounty program for companies

bug bounty program for dummies

bug bounty program game

bug bounty program git

bug bounty program govtech

bug bounty program guidelines

bug bounty program highest paid

bug bounty program hunters

bug bounty program in hindi

bug bounty program japan

bug bounty program la gi

bug bounty program line

bug bounty program linkedin

bug bounty program list 2020

bug bounty program malaysia

bug bounty program mastercard

bug bounty program money

bug bounty program on hackerone

bug bounty program open

bug bounty program payouts

bug bounty program paypal

bug bounty program paytm

bug bounty program platform

bug bounty program playstation

bug bounty program ps4

bug bounty program quora

bug bounty program rewards

bug bounty program risks

bug bounty program roblox

bug bounty program rockstar

bug bounty program tax

bug bounty program template

bug bounty program tesla

bug bounty program training

bug bounty program tutorial

bug bounty program twilio

bug bounty program upsc

bug bounty program use

bug bounty program vendors

bug bounty program website

bug bounty program what is it

bug bounty program whatsapp

bug bounty program winner

bug bounty program worth it

bug bounty program zoom

bug bounty programs

bug bounty programs 2020

bug bounty programs 2021

bug bounty programs apple

bug bounty programs average salary

bug bounty programs canada

bug bounty programs courses

bug bounty programs database

bug bounty programs def

bug bounty programs developers

bug bounty programs directory

bug bounty programs exploits

bug bounty programs facebook

bug bounty programs for beginners

bug bounty programs for cybersecurity practices issues and recommendations

bug bounty programs for iot

bug bounty programs github

bug bounty programs google

bug bounty programs hacker news

bug bounty programs hackerone

bug bounty programs how much money

bug bounty programs in india

bug bounty programs in kenya

bug bounty programs india

bug bounty programs jobs

bug bounty programs learn

bug bounty programs list

bug bounty programs list github

bug bounty programs make

bug bounty programs mean

bug bounty programs microsoft

bug bounty programs million

bug bounty programs offer

bug bounty programs paid

bug bounty programs pay

bug bounty programs pros and cons

bug bounty programs python

bug bounty programs que es

bug bounty programs recognition

bug bounty programs recon

bug bounty programs reddit

bug bounty programs research paper

bug bounty programs revenue

bug bounty programs rules

bug bounty programs salary

bug bounty programs south africa

bug bounty programs top companies

bug bounty programs uk

bug bounty programs what does it mean

bug bounty programs wiki

bug bounty programs youtube

bug bounty que es

bug bounty start

bug bounty vulnerability software

bugcrowd bounty programs

bugcrowd bug bounty programs

companies have bug bounty programs

companies using bug bounty programs

companies with bug bounty programs

cost of bug bounty programs

crowdsourced security vulnerability discovery modeling and organizing bug-bounty programs

current bug bounty programs

dangers of bug bounty programs

developers bug bounty programs

dod bug bounty programs

dollar bug bounty programs

dutch government bug bounty program list scope

easy bug bounty programs

essential component of such bug bounty programs

evaluate bug bounty programs

external bug bounty programs

find bug bounty programs

find private bug bounty programs

following companies have bug bounty programs

free bug bounty programs

github bug bounty programs

google bug bounty programs

government bug bounty programs

hackerone bug bounty program list

hackerone bug bounty programs

highest bug bounty programs

highest paid bug bounty program

highest paid bug bounty programs

highest paying bug bounty programs

history of bug bounty programs

how bug bounty program works

how do bug bounty programs make money

how does bug bounty programs work

how much does bug bounty programs make

how to choose a bug bounty program

how to earn money from bug bounty

how to find bug bounty

how to find bug bounty program

how to find bug bounty programs

how to make money bug bounty

how to start bug bounty program

importance of bug bounty programs

indian bug bounty program websites

indian bug bounty programs

integrity bug bounty programs

internal bug bounty programs

iot bug bounty programs

largest bug bounty programs

latest bug bounty programs

latest bug bounty programs 2020

latest bug bounty programs 2021

Bug Bounty Programs List (2021)

1) Intel

2) Yahoo

3) Snapchat

4) Cisco

5) Dropbox

6) Apple

7) Facebook

8) Google

9) Quora

10) Mozilla

11) Microsoft

12) OpenSSL

13) Vimeo

14) Apache

15) Twitter

16) Avast

17) Paypal

18) GitHub

19) Uber

20) Magento

21) Perl

22) PHP

23) Starbucks

24) AT&T

25) LinkedIn

26) Paytm

27) Shopify

28) Word Press

29) Zomato

30) Tor Project

31) Hackerone

32) Bugcrowd

Leave a Reply Cancel reply

Our Services

Important Link

Contact Info

Bug Bounty Programs List (2021)

1) Intel

2) Yahoo

3) Snapchat

4) Cisco

5) Dropbox

6) Apple

7) Facebook

8) Google

9) Quora

10) Mozilla

11) Microsoft

12) OpenSSL

13) Vimeo

14) Apache

15) Twitter

16) Avast

17) Paypal

18) GitHub

19) Uber

20) Magento

21) Perl

22) PHP

23) Starbucks

24) AT&T

25) LinkedIn

26) Paytm

27) Shopify

28) Word Press

29) Zomato

30) Tor Project

31) Hackerone

32) Bugcrowd

Related Post

Leave a Reply Cancel reply