awesome-bug-bounty/README.md

# Awesome Bug Bounty [![Awesome](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg)](https://github.com/sindresorhus/awesome)
A comprehensive curated list of Bug Bounty Programs and write-ups from the Bug Bounty hunters.

## Table of Contents
- [Getting Started](#getting-started)
- [Write Ups & Authors](#write-ups--authors)
- [Platforms](#platforms)
- [Available Programs](#available-programs)
- [Contribution guide](contributing.md)

### Getting Started
- [How to Become a Successful Bug Bounty Hunter](https://hackerone.com/blog/what-great-hackers-share)
- [Researcher Resources - How to become a Bug Bounty Hunter](https://forum.bugcrowd.com/t/researcher-resources-how-to-become-a-bug-bounty-hunter/1102)
- [Bug Bounties 101](https://whitton.io/articles/bug-bounties-101-getting-started/)
- [The life of a bug bounty hunter](http://www.alphr.com/features/378577/q-a-the-life-of-a-bug-bounty-hunter)
- [Awsome list of bugbounty cheatsheets](https://github.com/EdOverflow/bugbounty-cheatsheet)
- [Getting Started - Bug Bounty Hunter Methodology](https://www.bugcrowd.com/blog/getting-started-bug-bounty-hunter-methodology)

### Write Ups & Authors
- [sakurity.com/blog](http://sakurity.com/blog)  -  by [Egor Homakov](https://twitter.com/homakov)
- [respectxss.blogspot.in](http://respectxss.blogspot.in/)  -  by [Ashar Javed](https://twitter.com/soaj1664ashar)
- [labs.detectify.com](http://labs.detectify.com/)  -  by [Frans Rosén](https://twitter.com/fransrosen)
- [cliffordtrigo.info](https://www.cliffordtrigo.info/)  -  by [Clifford Trigo](https://twitter.com/MrTrizaeron)
- [stephensclafani.com](http://stephensclafani.com/)  -  by [Stephen Sclafani](https://twitter.com/Stephen)
- [sasi2103.blogspot.co.il](http://sasi2103.blogspot.co.il/)  -  by [Sasi Levi](https://twitter.com/sasi2103)
- [pwnsecurity.net](http://www.pwnsecurity.net/)  -  by [Shashank](https://twitter.com/cyberboyIndia)
- [breaksec.com](https://www.breaksec.com/)  -  by [Nir Goldshlager](https://twitter.com/Nirgoldshlager)
- [pwndizzle.blogspot.in](http://pwndizzle.blogspot.in/)  -  by [Alex Davies](https://twitter.com/pwndizzle)
- [c0rni3sm.blogspot.in](http://c0rni3sm.blogspot.in/)  -  by [yappare](https://twitter.com/yappare)
- [exploit.co.il/blog](http://exploit.co.il/blog/)  -  by [Shai rod](https://twitter.com/NightRang3r)
- [ibreak.software](https://ibreak.software/)  -  by [Riyaz Ahemed Walikar](https://twitter.com/riyazwalikar)
- [panchocosil.blogspot.in](http://panchocosil.blogspot.in/)  -  by [Francisco Correa](https://twitter.com/@panchocosil)
- [breakingmesh.blogspot.in](http://breakingmesh.blogspot.in/)  -  by [Sahil Sehgal](https://twitter.com/xXSehgalXx)
- [websecresearch.com](http://www.websecresearch.com/)  -  by [ Ajay Singh Negi](https://twitter.com/ajaysinghnegi)
- [securitylearn.net](http://www.securitylearn.net/about/)  -  by [Satish Bommisetty](https://twitter.com/satishb3)
- [secinfinity.net](http://www.secinfinity.net/)  -  by Prakash Sharma
- [websecuritylog.com](http://www.websecuritylog.com/)  -  by [jitendra jaiswal](https://twitter.com/jeetjaiswal22)
- [medium.com/@ajdumanhug](https://medium.com/@ajdumanhug) - by [Allan Jay Dumanhug](https://www.twitter.com/ajdumanhug)
- [Web Hacking 101](https://leanpub.com/web-hacking-101) - by [Peter Yaworski](https://twitter.com/yaworsk)


### Platforms
- [YesWeHack](https://yeswehack.com/)
- [intigriti](https://intigriti.com/)
- [HackerOne](https://hackerone.com/)
- [Bugcrowd](https://bugcrowd.com/)
- [Cobalt](https://cobalt.io/)
- [Bountysource](https://www.bountysource.com/)
- [Bounty Factory](https://bountyfactory.io/)
- [Coder Bounty](http://www.coderbounty.com/)
- [FreedomSponsors](https://freedomsponsors.org/)
- [FOSS Factory](http://www.fossfactory.org/)
- [Synack](https://www.synack.com/)
- [HackenProof](https://hackenproof.com/)
- [Detectify](https://cs.detectify.com/)
- [Bugbountyjp](https://bugbounty.jp/)
- [Safehats](https://safehats.com/)
- [BugbountyHQ](https://www.bugbountyhq.com/)
- [Hackerhive](https://hackerhive.io/)
- [Hacktrophy](https://hacktrophy.com/)
- [AntiHACK](https://www.antihack.me/)
- [CESPPA](https://www.cesppa.com/)

### Available Programs
- [123Contact Form](http://www.123contactform.com/security-acknowledgements.htm)
- [99designs](https://hackerone.com/99designs)
- [Abacus](https://bugcrowd.com/abacus)
- [Acquia](mailto:security@acquia.com)
- [ActiveCampaign](mailto:security@activecampaign.com)
- [ActiveProspect](mailto:security@activeprospect.com)
- [Adobe](https://hackerone.com/adobe)
- [AeroFS](mailto:security@aerofs.com)
- [Airbitz](https://cobalt.io/airbitz)
- [Airbnb](https://hackerone.com/airbnb)
- [Algolia](https://hackerone.com/algolia)
- [Altervista](http://en.altervista.org/feedback.php?who=feedback)
- [Altroconsumo](https://go.intigriti.com/altroconsumo)
- [Amara](mailto:security@amara.org)
- [Amazon Web Services](mailto:aws-security@amazon.com)
- [Amazon.com](mailto:security@amazon.com)
- [ANCILE Solutions Inc.](https://bugcrowd.com/ancile)
- [Anghami](https://hackerone.com/anghami)
- [ANXBTC](https://cobalt.io/anxbtc)
- [Apache httpd](https://hackerone.com/ibb-apache)
- [Appcelerator](mailto:Infosec@appcelerator.com)
- [Apple](mailto:product-security@apple.com)
- [Apptentive](https://www.apptentive.com/contact)
- [Aptible](mailto:security@aptible.com)
- [Ardour](http://tracker.ardour.org/my_view_page.php)
- [Arkane](https://go.intigriti.com/arkanenetwork)
- [ARM mbed](mailto:whitehat@polarssl.org)
- [Asana](mailto:security@asana.com)
- [ASP4all](mailto:support@asp4all.nl)
- [AT&T](https://bugbounty.att.com/bugform.php)
- [Atlassian](https://securitysd.atlassian.net/servicedesk/customer/portal/2)
- [Attack-Secure](mailto:admin@attack-secure.com)
- [Authy](mailto:security@authy.com)
- [Automattic](https://hackerone.com/automattic)
- [Avast!](mailto:bugs@avast.com)
- [Avira](mailto:vulnerabilities@avira.com)
- [AwardWallet](https://cobalt.io/awardwallet)
- [Badoo](https://corp.badoo.com/en/security/#send_bid)
- [Barracuda](https://bugcrowd.com/barracuda)
- [Base](https://go.intigriti.com/base)
- [Basecamp](mailto:security@basecamp.com)
- [Beanstalk](https://wildbit.wufoo.com/forms/wildbit-security-response)
- [BillGuard](https://cobalt.io/billguard)
- [Billys Billing](https://cobalt.io/billys-billing)
- [Binary.com](https://hackerone.com/binary)
- [Binary.com Cashier](https://hackerone.com/binary_cashier)
- [BitBandit.eu](https://cobalt.io/bitbandit-eu)
- [Bitcasa](mailto:security@bitcasa.com)
- [BitCasino](https://cobalt.io/bitcasino)
- [BitGo](https://cobalt.io/bitgo)
- [BitHealth](https://cobalt.io/bithealth)
- [BitHunt](https://hackerone.com/bithunt)
- [BitMEX](https://cobalt.io/bitmex)
- [Bitoasis](https://cobalt.io/bitoasis)
- [Bitpagos](https://cobalt.io/bitpagos)
- [Bitrated](https://cobalt.io/bitrated)
- [Bitreserve](https://cobalt.io/bitreserve)
- [Bitspark](https://cobalt.io/bitspark)
- [Bitwage](https://cobalt.io/bitwage)
- [BitWall](mailto:request@bitwall.io)
- [BitYes](https://cobalt.io/bityes)
- [BlackBerry](https://global.blackberry.com/secure/report-an-issue/en.html)
- [Blackboard](mailto:learnsecurity@blackboard.com)
- [Blackphone](https://bugcrowd.com/blackphone)
- [Blesta](mailto:security@blesta.com)
- [Block.io](https://hackerone.com/blockio)
- [Block.io, Inc.](https://cobalt.io/block-io-inc)
- [Blockchain.info](https://cobalt.io/blockchain-info)
- [BlockScore](https://cobalt.io/blockscore)
- [Bookfresh](https://hackerone.com/bookfresh)
- [Box](mailto:security-reports@box.com)
- [Braintree](mailto:security@braintreepayments.com)
- [Brussels Airlines](https://go.intigriti.com/brusselsairlines)
- [BTC_sx](https://cobalt.io/btc-sx)
- [Buffer](mailto:security@bufferapp.com)
- [BX.in.th](https://cobalt.io/bx-in-th)
- [C2FO](https://hackerone.com/c2fo)
- [Campaign Monitor](https://help.campaignmonitor.com/contact)
- [CARD.com](https://bugcrowd.com/card)
- [Catchafire](https://cobalt.io/catchafire)
- [Caviar](https://hackerone.com/caviar)
- [CCBill](mailto:bugrewards@ccbill.com)
- [CERT/CC](https://hackerone.com/cert)
- [Certly](https://hackerone.com/certly)
- [ChainPay](https://cobalt.io/chainpay)
- [ChangeTip](https://cobalt.io/changetip)
- [Chargify](https://bugcrowd.com/chargify)
- [Chromium Project](https://code.google.com/p/chromium/issues/entry?template=Security%20Bug)
- [Circle](https://cobalt.io/circle)
- [CircleCI](mailto:security@circleci.com)
- [Cisco](http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html#roosfassv)
- [ClickUp](https://clickup.com/bug-bounty)
- [Clojars](mailto:contact@clojars.org)
- [CloudFlare](https://hackerone.com/cloudflare)
- [Cobalt](https://cobalt.io/cobalt)
- [Code Climate](mailto:security@codeclimate.com)
- [CodeIgniter](https://hackerone.com/codeigniter)
- [CodePen](https://bugcrowd.com/codepen)
- [Coin Republic](https://cobalt.io/coin-republic)
- [Coin.Space](https://hackerone.com/coinspace)
- [Coinage](https://cobalt.io/coinage)
- [Coinbase](https://hackerone.com/coinbase)
- [CoinDaddy](https://cobalt.io/coindaddy)
- [Coinkite](mailto:feedback@coinkite.com?subject=%5BVulnerability%5D%20-%20)
- [Coinport](https://cobalt.io/coinport)
- [coins.ph](https://cobalt.io/coins-ph)
- [Cointrader.net](https://cobalt.io/cointrader-net)
- [Coinvoy](https://cobalt.io/coinvoy)
- [Collishop](https://go.intigriti.com/collishop)
- [Colruyt](https://go.intigriti.com/colruyt)
- [Compose](mailto:security@compose.io)
- [concrete5](https://hackerone.com/concrete5)
- [Constant Contact](mailto:vulnerability@constantcontact.com)
- [Counterparty](https://cobalt.io/counterparty)
- [Coupa](mailto:security@coupa.com)
- [Coursera](https://hackerone.com/coursera)
- [cPanel](mailto:security@cpanel.net)
- [cPaperless](mailto:support@cPaperless.com)
- [Crix.io](https://cobalt.io/crixio)
- [Cross Border Fines](https://go.intigriti.com/crossborderfines)
- [CrowdShield](https://crowdshield.com/bug-bounty-list.php?bug_bounty_program=crowdshield)
- [Cryptocat](https://github.com/cryptocat/cryptocat/issues)
- [Cupcake](mailto:security@cupcake.io)
- [CustomerInsight](mailto:admin@customerinsight.ca)
- [Cylance](https://hackerone.com/cylance)
- [Dato Capital](mailto:security%40datocapital.com)
- [Detectify](mailto:disclosure@detectify.com)
- [De Volkskrant](https://go.intigriti.com/devolkskrant)
- [Delen Private Bank](https://go.intigriti.com/delen)
- [DigitalOcean](mailto:security@digitalocean.com)
- [DigitalSellz](https://hackerone.com/digitalsellz)
- [Django](https://hackerone.com/django)
- [Doorkeeper](mailto:info@doorkeeper.jp)
- [DoSomething](https://cobalt.io/dosomething)
- [DPD](mailto:security@dpd.zendesk.com)
- [Dragon King](https://hackenproof.com/neverdie/dragon-king)
- [Dreambaby](https://go.intigriti.com/dreamland)
- [Dreamland](https://go.intigriti.com/dream)
- [Dropbox](https://hackerone.com/dropbox)
- [Dropbox Acquisitions](https://hackerone.com/dropbox-acquisitions)
- [Drupal](https://www.drupal.org/node/101494)
- [eBay](http://pages.ebay.com/securitycenter/Researchers.html)
- [Eclipse](mailto:security@eclipse.org)
- [eHealth Hub VZN KUL](https://go.intigriti.com/ehealthhubvznkul)
- [EMC](mailto:security_alert@emc.com)
- [Enano](mailto:security@enanocms.org)
- [Engine Yard](mailto:security@engineyard.com)
- [Envoy](https://hackerone.com/envoy)
- [Eobot](https://cobalt.io/eobot)
- [EthnoHub](mailto:security@ethnohub.com)
- [Etsy](https://www.etsy.com/bounty)
- [EVE](mailto:security@ccpgames.com)
- [Event Espresso](http://eventespresso.com/report-a-security-vulnerability)
- [Everitoken](https://hackenproof.com/everitoken/everitoken-blockchain)
- [Evernote](mailto:security@evernote.com)
- [EURid](https://go.intigriti.com/eurid)
- [Expatistan](mailto:gerardo@expatistan.com)
- [ExpressionEngine](https://hackerone.com/expressionengine)
- [Ezbob](https://cobalt.io/ezbob)
- [Facebook](https://www.facebook.com/whitehat)
- [Faceless](https://hackerone.com/faceless)
- [Factlink](https://hackerone.com/factlink)
- [FanFootage](https://hackerone.com/fanfootage)
- [FastSlots](https://cobalt.io/fastslots)
- [Flash](https://hackerone.com/flash)
- [Flood](mailto:support@flood.io)
- [Flow Dock](mailto:security@flowdock.com)
- [Flox](https://hackerone.com/flox)
- [Fluxiom](mailto:security@fluxiom.com)
- [Fog Creek](http://www.fogcreek.com/contact)
- [FormAssembly](mailto:security@formassembly.com)
- [Founder Bliss](https://cobalt.io/founder-bliss)
- [Foursquare](mailto:security@foursquare.com)
- [Freelancer](mailto:security-reporting@freelancer.com)
- [Gallery](mailto:security@galleryproject.org)
- [Gamma](mailto:security-alert@intergamma.nl)
- [Gemfury](mailto:security@gemfury.com)
- [General Motors](https://hackerone.com/gm)
- [GhostMail](https://hackerone.com/gmguys)
- [GitHub](https://bounty.github.com/submit-a-vulnerability.html)
- [GitLab](https://hackerone.com/gitlab)
- [GlassWire](https://hackerone.com/glasswire)
- [Gliph](mailto:security@gli.ph)
- [GlobaLeaks](https://hackerone.com/globaleaks)
- [Google PRP](mailto:security-patches@google.com)
- [Google VRP](https://www.google.com/about/appsecurity/reward-program/index.html)
- [Grammarly](https://hackerone.com/grammarly)
- [Gratipay](https://hackerone.com/gratipay)
- [GreenAddress](https://cobalt.io/greenaddress)
- [Greenhouse.io](https://hackerone.com/greenhouse)
- [Grok Learning](mailto:security@groklearning.com)
- [HackenProof](https://hackenproof.com/hacken/hackenproof)
- [HackerOne](https://hackerone.com/security)
- [Harmony](mailto:security@collectiveidea.com)
- [Heroku](https://bugcrowd.com/heroku)
- [Hex-Rays](mailto:bugbounty@hex-rays.com)
- [Hive Wallet](https://cobalt.io/hive-wallet)
- [Hootsuite](mailto:security@hootsuite.com)
- [HTC](mailto:security@htc.com)
- [Huawei](mailto:psirt@huawei.com)
- [Hubdia](https://hackerone.com/hubdia)
- [Humble Bundle](https://bugcrowd.com/humblebundle)
- [IAM KU Leuven](https://go.intigriti.com/kuleuvenlogin)
- [Ian Dunn](https://hackerone.com/iandunn-projects)
- [IBM](https://www.ibm.com/scripts/contact/contact/us/en/security_vulnerabilities)
- [ICEcoder](https://bugcrowd.com/icecoder)
- [Iconfinder](mailto:support@iconfinder.com)
- [Ifixit](mailto:security@ifixit.com)
- [Imgur](https://hackerone.com/imgur)
- [ImpressPages](https://cobalt.io/impresspages)
- [Indeed](https://bugcrowd.com/indeed)
- [Independent Reserve](https://cobalt.io/independent-reserve)
- [Informatica](https://hackerone.com/informatica)
- [IntegraXor](http://www.integraxor.com/support.html)
- [Internetwache](mailto:security@internetwache.org)
- [InVision](https://hackerone.com/invision)
- [IRCCloud](https://hackerone.com/irccloud)
- [itBit Exchange](https://hackerone.com/itbit)
- [ITRP](mailto:security@itrp.com)
- [itsme](https://go.intigriti.com/itsme)
- [joola.io](https://hackerone.com/joola-io)
- [Joomla](http://vel.joomla.org/submit-vel)
- [JRuby](mailto:security@jruby.org)
- [jsDelivr](https://hackerone.com/jsdelivr)
- [Juniper](mailto:sirt@juniper.net)
- [Kadira](https://hackerone.com/kadira)
- [Kaneva](mailto:security@kaneva.com)
- [Kayako](http://my.kayako.com/Tickets/Submit)
- [Kenna](https://bugcrowd.com/riskio)
- [Keybase](https://hackerone.com/keybase)
- [Khan Academy](https://hackerone.com/khanacademy)
- [SKB Kontur](https://kontur.ru/.well-known/security.txt)
- [Kraken](mailto:bugbounty@kraken.com)
- [Kinepolis](https://go.intigriti.com/kinepolis)
- [Kuna](https://hackenproof.com/kuna/kuna-crypto-exchange)
- [Lancor Income](https://cobalt.io/lancor-income)
- [LastPass](mailto:security@lastpass.com)
- [LaunchKey](mailto:security@launchkey.com)
- [Lean Testing](https://hackerone.com/leantesting)
- [Librato](mailto:security@librato.com)
- [LibSass](https://hackerone.com/libsass)
- [Liferay](mailto:security@liferay.com)
- [Line](https://bugbounty.linecorp.com/en/)
- [LinkedIn](mailto:security@linkedin.com)
- [LiveEnsure](http://www.liveensure.com/contact.php)
- [LocalBitcoins](https://cobalt.io/localbitcoins)
- [Localize](https://hackerone.com/localize)
- [Logentries](mailto:security@logentries.com)
- [Lookout](mailto:security@lookout.com)
- [Magento](mailto:security@magento.com)
- [MAGIX](mailto:security@magix.net)
- [Mahara](mailto:security@mahara.org)
- [MaiCoin](https://cobalt.io/maicoin)
- [Mail.Ru](https://hackerone.com/mailru)
- [Mailbird](https://cobalt.io/mailbird)
- [MailChimp](http://mailchimp.com/about/security-response/)
- [ManageBGL](https://cobalt.io/managebgl)
- [ManageWP](mailto:security@managewp.com)
- [MapLogin](https://hackerone.com/maplogin)
- [Marietje Schaake](https://go.intigriti.com/marietjeschaake)
- [Marktplatts](https://hackerone.com/marktplaats)
- [Mavenlink](https://hackerone.com/mavenlink)
- [Maximum](https://hackerone.com/maximum)
- [MCProHosting](https://bugcrowd.com/mcprohostings)
- [MEGA](mailto:bugs@mega.co.nz)
- [Mercury](https://cobalt.io/mercury)
- [Meteor](https://hackerone.com/meteor)
- [meXBT](https://cobalt.io/mexbt)
- [Microsoft](mailto:secure@microsoft.com)
- [Mimecast](mailto:disclosure@mimecast.com)
- [Mobile Vikings](https://go.intigriti.com/mobilevikings)
- [Mobile Vikings](https://hackerone.com/mobilevikings)
- [Modus CSR](mailto:security@moduscsr.com)
- [MoneyBird](mailto:security@moneybird.com)
- [MoneyStream](https://hackerone.com/moneystream)
- [Moodle](mailto:security@moodle.org)
- [Motorola Solutions](mailto:security@motorolasolutions.com)
- [Mozilla](https://www.mozilla.org/en-US/security/bug-bounty/)
- [mynxt.info](https://cobalt.io/mynxt-info)
- [NCSC](mailto:cert@ncsc.nl)
- [Nearby Live](https://hackerone.com/nearby)
- [Nest](mailto:security@nest.com)
- [Netflix](mailto:security-report@netflix.com)
- [Neverdie Smart Contract](https://hackenproof.com/neverdie/neverdie-smart-contract)
- [Neverdie Web](https://hackenproof.com/neverdie/neverdie-web)
- [Nexmo](https://cobalt.io/nexmo)
- [Nexuzhealth](https://go.intigriti.com/nexushealth)
- [Nexuzhealth Web PACS](https://go.intigriti.com/nexuzhealthwebpacs)
- [Nginx](https://hackerone.com/ibb-nginx)
- [Nitrous](mailto:security@nitrous.io)
- [Nokia Networks](mailto:security-alert@nokia.com)
- [NoPass](https://cobalt.io/nopass)
- [NZRS](mailto:security@nzrs.net.nz)
- [Offensive Security](mailto:security@offensive-security.com)
- [ok.ru](https://hackerone.com/ok)
- [OKCoin](https://cobalt.io/okcoin)
- [OkCupid](https://hackerone.com/okcupid)
- [Olark](mailto:security@olark.com)
- [OneSpan Mobile](https://go.intigriti.com/vascomobileproducts)
- [OneSpan Server Products](https://go.intigriti.com/vascoserver-sideproducts)
- [Opal Cryptocurrency](https://cobalt.io/opal-cryptocurrency)
- [Openfolio](https://hackerone.com/openfolio)
- [OpenSSL](https://hackerone.com/ibb-openssl)
- [OpenStack](https://security.openstack.org/#how-to-report-security-issues-to-openstack)
- [OpenText](mailto:otst@opentext.com)
- [Opera](https://bugs.opera.com/wizarddesktop)
- [Optimizely](https://cobalt.io/optimizely)
- [Oracle](mailto:secalert_us@oracle.com)
- [ownCloud](https://hackerone.com/owncloud)
- [PagerDuty](mailto:security@pagerduty.com)
- [Panasonic Avionics](https://hackerone.com/panasonic-aero)
- [Pantheon](https://bugcrowd.com/pantheon)
- [Panzura](mailto:security@panzura.com)
- [Paragon Initiative Enterprises](https://hackerone.com/paragonie)
- [Paychoice](mailto:security@paychoice.com.au)
- [PayMill](mailto:security@paymill.com)
- [PayPal](mailto:https://www.paypal.com/bugbounty/register)
- [Paytm](https://bugbounty.paytm.com)
- [Perl](https://hackerone.com/ibb-perl)
- [Phabricator](https://hackerone.com/phabricator)
- [PHP](https://bugs.php.net/report.php)
- [Pidgin](mailto:security@pidgin.im)
- [PikaPay](mailto:security@pikapay.com)
- [PinoyHackNews](mailto:admin@pinoyhacknews.com)
- [Pinterest](https://bugcrowd.com/pinterest)
- [Piwik Open Source Analytics](https://cobalt.io/piwik-open-source-analytics)
- [Plone](mailto:security@plone.org)
- [Pocket](mailto:security@getpocket.com)
- [Poloniex](https://cobalt.io/poloniex)
- [Postmark](https://wildbit.wufoo.com/forms/wildbit-security-response)
- [Prezi](mailto:security-bug-bounty@prezi.com)
- [Projectplace](https://hackerone.com/projectplace)
- [PullReview](mailto:security@pullreview.com)
- [Puppet labs](mailto:security@puppetlabs.com)
- [PureVPN](https://bugcrowd.com/purevpn)
- [Python](mailto:security@python.org)
- [QIWI](https://hackerone.com/qiwi)
- [Quadriga CX](https://cobalt.io/quadriga-cx)
- [QuickBT](https://cobalt.io/quickbt)
- [Quora](https://hackerone.com/quora)
- [Rackspace](mailto:security@rackspace.com)
- [Rdbhost_service](https://cobalt.io/rdbhost-service)
- [Red Hat](mailto:site-security@redhat.com)
- [Reddit](mailto:security@reddit.com)
- [Relaso](mailto:security@relaso.com)
- [RelateIQ](mailto:security@relateiq.com)
- [Release Wire](http://www.releasewire.com/about/contact)
- [Respondly](https://hackerone.com/respondly)
- [Revive Adserver](https://hackerone.com/revive_adserver)
- [Ribose](https://www.ribose.com/feedbacks/security)
- [Ripio](https://cobalt.io/ripio)
- [Ripple](mailto:bugs@ripple.com)
- [Riskalyze](mailto:security@riskalyze.com)
- [Romit](https://hackerone.com/romit)
- [Ruby](mailto:security@ruby-lang.org)
- [Ruby on Rails](https://hackerone.com/rails)
- [Salesforce](mailto:security@salesforce.com)
- [Samsung TV](https://samsungtvbounty.com/ReportBug.aspx)
- [Sandbox Escape](https://hackerone.com/sandbox)
- [SAP](mailto:secure@sap.com)
- [Schuberg Philis](mailto:abuse@schubergphilis.com)
- [Scorpion Software](mailto:security@scorpionsoft.com)
- [Secret](https://hackerone.com/secret)
- [Secure Works](mailto:security@secureworks.com)
- [Sellfy](http://docs.sellfy.com/contact)
- [Sentiance](https://go.intigriti.com/sentiance)
- [ServiceRocket](https://bugcrowd.com/servicerocket)
- [ShareLaTeX](mailto:team@sharelatex.com)
- [Sherpany](https://cobalt.io/sherpany)
- [Shopify](https://hackerone.com/shopify)
- [Sifter](mailto:security@sifterapp.com?subject=%27Security%20Vulnerability%20Report%27)
- [Silent Circle](https://bugcrowd.com/silentcircle)
- [Simple](https://bugcrowd.com/simple)
- [SiteGround](mailto:responsible-disclosure@siteground.com)
- [Skoodat](mailto:security@skoodat.com)
- [Skrill](https://cobalt.io/skrill)
- [Skyscanner](https://bugcrowd.com/skyscanner)
- [Slack](https://hackerone.com/slack)
- [Snapchat](https://hackerone.com/snapchat)
- [Snappy](mailto:security@userscape.com)
- [Sonatype](mailto:security@sonatype.com)
- [Sony](https://secure.sony.net/form)
- [SoundCloud](https://scsecurity.freshdesk.com/support/tickets/new)
- [Spaargids](https://go.intigriti.com/spaargids)
- [SpectroCoin](https://cobalt.io/spectrocoin)
- [Spendbitcoins](https://cobalt.io/spendbitcoins)
- [SplashID](https://bugcrowd.com/splashid)
- [Splitwise](mailto:security@splitwise.com)
- [Spotify](mailto:security@spotify.com)
- [Sprout Social](mailto:security@sproutsocial.com)
- [Square](https://hackerone.com/square)
- [Square Open Source](https://hackerone.com/square-open-source)
- [StatusPage](https://bugcrowd.com/sunrise)
- [StopTheHacker](https://hackerone.com/stopthehacker)
- [Student Assessment System](https://go.intigriti.com/printscan)
- [Studio 100](https://go.intigriti.com/studio100)
- [Subledger](https://cobalt.io/subledger)
- [Subrosa](https://cobalt.io/subrosa)
- [Sucuri](https://hackerone.com/sucuri)
- [Suivo](https://go.intigriti.com/suivoweb)
- [Symantec](mailto:secure@symantec.com)
- [Taptalk](https://hackerone.com/taptalk)
- [Tarsnap](mailto:cperciva@tarsnap.com)
- [TeamUnify](mailto:security@teamunify.com)
- [Tele2](mailto:beveiligingsmeldpunt@tele2.com)
- [Telekom](mailto:cert@telekom.de?subject=bug_bounty)
- [Telenet](https://go.intigriti.com/telenet)
- [Test-Aankoop](https://go.intigriti.com/testaankoop)
- [The Internet](https://hackerone.com/internet)
- [The Mastercoin Foundation](https://cobalt.io/the-mastercoin-foundation)
- [ThisData](https://hackerone.com/thisdata)
- [TimeTrex](https://cobalt.io/timetrex)
- [ToyTalk](https://hackerone.com/toytalk)
- [Trello](https://hackerone.com/trello)
- [Tuenti](http://corporate.tuenti.com/en/contact/security)
- [Tweakers](https://go.intigriti.com/tweakers)
- [Twilio](https://bugcrowd.com/twilio)
- [Twitch](mailto:security@twitch.tv)
- [Twitter](https://hackerone.com/twitter)
- [Uber](mailto:security-abuse@uber.com)
- [Ubiquiti Networks](https://hackerone.com/ubnt)
- [Unitag](mailto:security@unitag.io)
- [Urban Dictionary](https://hackerone.com/urbandictionary)
- [Uzbey](https://hackerone.com/uzbey)
- [Valve Software](mailto:security@valvesoftware.com)
- [VeChainThor](https://hackenproof.com/vechain/vechainthor)
- [VeChainThor Wallet](https://hackenproof.com/vechain/vechainthor-wallet)
- [VCE](mailto:security-alerts@vce.com)
- [Venmo](mailto:security@venmo.com)
- [Version Cake](https://hackerone.com/versioncake)
- [Viadeo](mailto:security@viadeo.com)
- [Vimeo](https://hackerone.com/vimeo)
- [VK.com](https://hackerone.com/vkcom)
- [Volusion](https://bugcrowd.com/volusion)
- [VPNSox](https://cobalt.io/vpnsox)
- [vulners.com](https://hackerone.com/vulnerscom)
- [Vultr](https://www.vultr.com/bug-bounty/)
- [Webconverger](mailto:security@webconverger.com)
- [Websecurify](http://campaigns.websecurify.com/money-for-bugs/#contact)
- [Weebly](https://cobalt.io/weebly)
- [WePay](https://hackerone.com/wepay)
- [Whisper](https://hackerone.com/whisper)
- [WHMCS](https://bugcrowd.com/whmcs)
- [Windthorst ISD](http://www.windthorstisd.net/BugReport.cfm)
- [withinsecurity](https://hackerone.com/withinsecurity)
- [WizeHive](mailto:security@wizehive.com)
- [Woorank](https://go.intigriti.com/woorank)
- [WordPoints](https://hackerone.com/wordpoints)
- [Wordware](https://cobalt.io/wordware)
- [WP API](https://hackerone.com/wp-api)
- [Xen Project](mailto:security@xenproject.org)
- [Xmarks](mailto:security@lastpass.com)
- [Yahoo](https://hackerone.com/yahoo)
- [Yandex](https://yandex.com/bugbounty/report)
- [Yanomo](mailto:support@yanomo.com)
- [Yesware](mailto:security@yesware.com)
- [Zapier](mailto:security@zapier.com)
- [Zaption](https://hackerone.com/zaption)
- [ZenCash](mailto:security@zencash.com)
- [Zendesk](https://hackerone.com/zendesk)
- [Zetetic](mailto:support@zetetic.net)
- [Ziggo](mailto:security@ziggo.nl)
- [Zimbra](mailto:security@zimbra.com)
- [Zoho](https://bugbounty.zoho.com/bb/info) 
- [Zomato](https://hackerone.com/zomato)
- [Zopim](https://hackerone.com/zopim)
- [Zynga](mailto:whitehat@zynga.com)

## Aggregators

- [BountyHQ](https://bountyhq.secapps.com/)

## License

[![CC0](http://mirrors.creativecommons.org/presskit/buttons/88x31/svg/cc-zero.svg)](https://creativecommons.org/publicdomain/zero/1.0/)

To the extent possible under law, [Dheeraj Joshi](https://github.com/djadmin) has waived all copyright and related or neighboring rights to this work.