Essential BUG BOUNTY and Disclosure Programs

A bug bounty program is a deal offered by many websites and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to exploits and vulnerabilities. Bug bounty program originally welcomed just two dozen security researchers who had previously reported vulnerabilities in the tech giant’s software. Each of them has earned points for their vulnerability submissions depending on a flaw’s severity. Researchers can receive expected between $200 and $500,000 or more as a reward. Security impact of each vulnerability disclosed to it by taking into account multiplying factors, such as scale of exposure and sensitive of user data exposed, and whether factors like user interaction or physical access limits the severity of the flaw. But they’ll receive that bounty only if they respect users’ data and don’t exploit any issue to produce an attack that could harm Numerous organisations and even some government, semi-government and private entities have launched their own vulnerability reward programs (VRPs).

I think it’s time for an updated list :

S. No. Company Services & Products
1. Google
2. Apple
3. Facebook WhiteHat
4. Github
5. Intel
6. Microsoft Bug Bounty
7. Microsoft (MSRC)
8. IBM
9. Pentagon
10. Tor Project
11. LinkedIn
12. Uber
13. Adobe
14. Dell Secureworks
15. Codex Wordpress
16. Paypal Inc
17. AT&T Corporation
18. WordPress
19. Blogger
20. Qmail
21. Amazon Web Services
22. Cisco
23. Instagram
24. Paytm
25. eBay
26. Airbnb
27. Opera
28. Oracle
29. Android Free Apps
30. Dropbox
31. Freelancer
32. MacOSX Bitcoin LevelDB
33. Nvidia
34. Open Office
35. HTC
36. Indeed
37. Joomla
38. Juniper
39. Magento (Ebay Inc)
40. Motorola
41. Nokia Solutions Networks
42. RedHat
43. Sony
44. Blackberry
45. Symantec
46. Mozilla
47. Twitter
48. YouTube
49. Drupal
50. Yandex
51. Avast! – 2014 AntiVirus
52. Trend Micro & (Beta Portal)
53. Eclipse
54. Huawei
55. Rackspace
56. Redaxo
57. Security Net
58. Web GUI
59. Yahoo!
60. Zendesk
61. Parley
62. Vodafone Security NL
63. Vodafone Security DE
64. VCE
65. Splunk
66. ING NL
67. MailChimp
68. Prezi
69. SNS Bank NL
70. Hybrid Saas
71. Ruby Language
72. Samsung
73. Samba
74. Reddit
75. Qiwi
76. Event Espresso
77. Pinterest
78. Dropcam
79. Gimp
80. Nokia Siemens Networks
81. Netflix
82. Atlas
83. Badoo
84. EMC2
85. ifixit
86. Debian Security Tracker
87. Offensive Security
88. OpenBSD
89. Telegram
90. Tumblr
91. PureVPN
92. Shopify
93. Soundcloud
94. Bitcoin.DE
95. Cryptocat
96. Cupcake
97. Avira
98. Tesla
99. Barracuda Networks
100. CPanel
101. 123 Contact Form
102. 99Designs
103. Abacus
104. Acquia
105. Active Campaign
106. ActiveProspect
107. ActiVPN
108. Adapcare
109. AeroFS
110. Aerohive
111. Agora Ciudadana Security
112. Alcyon
113. Altervista
114. ANCILE Solutions Inc.
115. Aptible (2) (3)
116. Appcelerator
117. Apptentive
118. Asana
119. Attack Secure
120. Automattic Security
121. Base
122. Basecamp
123. BattleNET EU
124. Beanstalk
125. BeSnappy
126. Bitcasa
127. Bittrex
128. BitWall
129. Blackboard
130. BlinkSale
131. Box
132. Braintree
133. BTX Trader
134. BudgetSimple
135. Buffer
136. C2FO
137. Campaign Monitor
138. Can you XSS this?
139. Card
140. Chain API
141. Chargify
142. Chromium Project
143. CircleCi
144. Code Climate
145. CodePen
146. Coinbase
147. Coindrawer
148. Coinkite
149. Colupon
150. Commonsware
151. Compilr
152. Constant Contact
153. Counterparty
154. Coupa
155. cPaperless
156. Customer Insight
157. Detectify
158. Deutsche Telekom
159. Digital Ocean
160. DNN Corporation
161. DNSimple
162. Donately (API)
163. Downstream Analytics
164. Dribbble
165. Dropmyemail
166. eFront eLearning CMS
167. Electronic Arts (Games)
168. Emptrust
169. Engineyard
170. EthnoHub
171. Etsy
172. Eventbrite
173. Evernote
174. Expatistan
175. FastMail Pty Ltd.
176. FFmpeg
177. Flowdock
178. Fluxiom
179. Fog Creek
180. Form Assembly
181. Foursquare
182. Foxycart
183. Gallery
184. Gamma
185. Gemeente Wageningen
186. Gemfury
187. GetClouder
188. Ghost
189. Ghostscript
190. Giftcards.com
191. Gitlab
192. Gittip
193. Gliph
194. GoAnimate
195. Greenhouse Software Inc
196. Grok Learning
197. Hack For Cause
198. HakSecurity
199. Harmony
200. Helpscout
201. Heroku
202. Hex-Rays
203. HoneyDocs
204. Honeywell
205. Hootsuite
206. ICEcoder
207. Iconfinder
208. Informatiebeveiliging
209. IntegraXor (SCADA)
210. Internetwache
211. ITRP
212. Jetendo
213. jruby
214. Kadince
215. Kaneva
216. Kayako
217. Keming Labs
218. Kentico
219. Keepass
220. KPN
221. Kraken
222. lastpass
223. LaunchKey
224. Librato
225. Lievensberg Hospital
226. Liferay
227. Logentries
228. Localize
229. Lookout
230. Magix AG
231. Mahara
232. ManageWP
233. Mandrill App
234. Marktplaats
235. MasterCoin (+Tools)
236. MC-ProHosting
237. MediaWiki
238. Medium
239. Mega.co.nz
240. MeinVZ (Report)
241. Meldium
242. Meraki
243. Meta Calculator
244. Millsap Independent School
245. Modus CSR
246. Moneybird
247. Moodle
248. Myntra
249. MyStuff2 App
250. Namazu
251. NCSC Netherlands
252. Netagio
253. Net Worth Pro
254. Nitrous.IO
255. Norada
256. NZRS
257. Oculus VR
258. Offers.com
259. Olark
260. Onavo
261. OnePageCRM
262. Openclass Knowledge Base
263. OpenText
264. Own Cloud
265. PacketStorm Security
266. PagerDuty
267. Pantheon
268. Panzura
269. Parse (Facebook)
270. Paychoice
271. Paymill
272. Pidgin
273. PikaPay
274. Pinoy Hack News
275. Piwik
276. Plone Framework
277. Pocket
278. Polar SSL
279. PostmarkApp
280. PullReview
281. Puppet Labs
282. Regiobank NL
283. Relaso
284. Ribose
285. Ripple
286. Riskalyze
287. Risk.io
288. Salesforce
289. SBWire
290. Schuberg Philis
291. Scorpion Software
292. Segment.io
293. Sellfy
294. Sifter
295. Simple
296. Simplify
297. SiteGround
298. Skoodat
299. Skuid
300. Smart Budget
301. Smileznhapiez
302. Sonatype
303. SonicWall (DELL)
304. SplashID
305. Splitwise
306. Spotify
307. Sprout Social
308. Square
309. StatusPage
310. StreemFire
311. StudiVZ (Report)
312. TapaTalk
313. Tarsnap
314. Team Unify
315. Tele2
316. Trade Only
317. Tresorit
318. Tuenti
319. Twilio
320. Twitch Interactive
321. Typo3
322. Unitag
323. UPC
324. Valve
325. Viadeo
326. Volcanic Pixels
327. VSR
328. Wamba
329. Webconverger
330. WebsiteBaker
331. Wickr
332. Windthorst ISD
333. X.com
334. Xen
335. XING (Social Network)
336. Xmarks
337. XMind
338. Yesware
339. Zencash
340. Zerobrane
341. Zetetic
342. Ziggo
343. Zimbra
344. Zynga

Shahrukh Rafeeq

I'm an Entrepreneur, Freelance Security Consultant, Bug Hunter having years of experience with a deep interest in InfoSec Industry. I love to speak and write about web and mobile application pen-testing, bug bounty. You can reach me at

Leave a Reply

Your email address will not be published.