# Awesome Bug Bounty [![Awesome](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg)](https://github.com/sindresorhus/awesome)

A comprehensive curated list of Bug Bounty Programs and write-ups from the Bug Bounty hunters.

## Table of Contents

- [Getting Started](#getting-started)
- [Write Ups & Authors](#write-ups--authors)
- [Platforms](#platforms)
- [Available Programs](#available-programs)
- [Contribution guide](contributing.md)

### Getting Started

- [How to Become a Successful Bug Bounty Hunter](https://hackerone.com/blog/what-great-hackers-share)
- [Researcher Resources - How to become a Bug Bounty Hunter](https://forum.bugcrowd.com/t/researcher-resources-how-to-become-a-bug-bounty-hunter/1102)
- [Bug Bounties 101](https://whitton.io/articles/bug-bounties-101-getting-started/)
- [The life of a bug bounty hunter](http://www.alphr.com/features/378577/q-a-the-life-of-a-bug-bounty-hunter)
- [Awesome list of bugbounty cheatsheets](https://github.com/EdOverflow/bugbounty-cheatsheet)
- [Getting Started - Bug Bounty Hunter Methodology](https://www.bugcrowd.com/blog/getting-started-bug-bounty-hunter-methodology)

### Write Ups & Authors

- [sakurity.com/blog](http://sakurity.com/blog) - by [Egor Homakov](https://twitter.com/homakov)
- [respectxss.blogspot.in](http://respectxss.blogspot.in/) - by [Ashar Javed](https://twitter.com/soaj1664ashar)
- [labs.detectify.com](http://labs.detectify.com/) - by [Frans Rosén](https://twitter.com/fransrosen)
- [cliffordtrigo.info](https://www.cliffordtrigo.info/) - by [Clifford Trigo](https://twitter.com/MrTrizaeron)
- [stephensclafani.com](http://stephensclafani.com/) - by [Stephen Sclafani](https://twitter.com/Stephen)
- [sasi2103.blogspot.co.il](http://sasi2103.blogspot.co.il/) - by [Sasi Levi](https://twitter.com/sasi2103)
- [pwnsecurity.net](http://www.pwnsecurity.net/) - by [Shashank](https://twitter.com/cyberboyIndia)
- [breaksec.com](https://www.breaksec.com/) - by [Nir Goldshlager](https://twitter.com/Nirgoldshlager)
- [pwndizzle.blogspot.in](http://pwndizzle.blogspot.in/) - by [Alex Davies](https://twitter.com/pwndizzle)
- [c0rni3sm.blogspot.in](http://c0rni3sm.blogspot.in/) - by [yappare](https://twitter.com/yappare)
- [exploit.co.il/blog](http://exploit.co.il/blog/) - by [Shai rod](https://twitter.com/NightRang3r)
- [ibreak.software](https://ibreak.software/) - by [Riyaz Ahemed Walikar](https://twitter.com/riyazwalikar)
- [panchocosil.blogspot.in](http://panchocosil.blogspot.in/) - by [Francisco Correa](https://twitter.com/@panchocosil)
- [breakingmesh.blogspot.in](http://breakingmesh.blogspot.in/) - by [Sahil Sehgal](https://twitter.com/xXSehgalXx)
- [websecresearch.com](http://www.websecresearch.com/) - by [Ajay Singh Negi](https://twitter.com/ajaysinghnegi)
- [securitylearn.net](http://www.securitylearn.net/about/) - by [Satish Bommisetty](https://twitter.com/satishb3)
- [secinfinity.net](http://www.secinfinity.net/) - by Prakash Sharma
- [websecuritylog.com](http://www.websecuritylog.com/) - by [jitendra jaiswal](https://twitter.com/jeetjaiswal22)
- [medium.com/@ajdumanhug](https://medium.com/@ajdumanhug) - by [Allan Jay Dumanhug](https://www.twitter.com/ajdumanhug)
- [Web Hacking 101](https://leanpub.com/web-hacking-101) - by [Peter Yaworski](https://twitter.com/yaworsk)

### Platforms

- [YesWeHack](https://yeswehack.com/)
- [intigriti](https://intigriti.com/)
- [HackerOne](https://hackerone.com/)
- [Bugcrowd](https://bugcrowd.com/)
- [Cobalt](https://cobalt.io/)
- [Bountysource](https://www.bountysource.com/)
- [Bounty Factory](https://bountyfactory.io/)
- [Coder Bounty](http://www.coderbounty.com/)
- [FreedomSponsors](https://freedomsponsors.org/)
- [FOSS Factory](http://www.fossfactory.org/)
- [Synack](https://www.synack.com/)
- [HackenProof](https://hackenproof.com/)
- [Detectify](https://cs.detectify.com/)
- [Bugbountyjp](https://bugbounty.jp/)
- [Safehats](https://safehats.com/)
- [BugbountyHQ](https://www.bugbountyhq.com/)
- [Hackerhive](https://hackerhive.io/)
- [Hacktrophy](https://hacktrophy.com/)
- [AntiHACK](https://www.antihack.me/)
- [CESPPA](https://www.cesppa.com/)

### Available Programs

- [123Contact Form](http://www.123contactform.com/security-acknowledgements.htm)
- [99designs](https://hackerone.com/99designs)
- [Abacus](https://bugcrowd.com/abacus)
- [Acquia](mailto:security@acquia.com)
- [ActiveCampaign](mailto:security@activecampaign.com)
- [ActiveProspect](mailto:security@activeprospect.com)
- [Adobe](https://hackerone.com/adobe)
- [AeroFS](mailto:security@aerofs.com)
- [Airbitz](https://cobalt.io/airbitz)
- [Airbnb](https://hackerone.com/airbnb)
- [Algolia](https://hackerone.com/algolia)
- [Altervista](http://en.altervista.org/feedback.php?who=feedback)
- [Altroconsumo](https://go.intigriti.com/altroconsumo)
- [Amara](mailto:security@amara.org)
- [Amazon Web Services](mailto:aws-security@amazon.com)
- [Amazon.com](mailto:security@amazon.com)
- [ANCILE Solutions Inc.](https://bugcrowd.com/ancile)
- [Anghami](https://hackerone.com/anghami)
- [ANXBTC](https://cobalt.io/anxbtc)
- [Apache httpd](https://hackerone.com/ibb-apache)
- [Appcelerator](mailto:Infosec@appcelerator.com)
- [Apple](mailto:product-security@apple.com)
- [Apptentive](https://www.apptentive.com/contact)
- [Aptible](mailto:security@aptible.com)
- [Ardour](http://tracker.ardour.org/my_view_page.php)
- [Arkane](https://go.intigriti.com/arkanenetwork)
- [ARM mbed](mailto:whitehat@polarssl.org)
- [Asana](mailto:security@asana.com)
- [ASP4all](mailto:support@asp4all.nl)
- [AT&T](https://bugbounty.att.com/bugform.php)
- [Atlassian](https://securitysd.atlassian.net/servicedesk/customer/portal/2)
- [Attack-Secure](mailto:admin@attack-secure.com)
- [Authy](mailto:security@authy.com)
- [Automattic](https://hackerone.com/automattic)
- [Avast!](mailto:bugs@avast.com)
- [Avira](mailto:vulnerabilities@avira.com)
- [AwardWallet](https://cobalt.io/awardwallet)
- [Badoo](https://corp.badoo.com/en/security/#send_bid)
- [Barracuda](https://bugcrowd.com/barracuda)
- [Base](https://go.intigriti.com/base)
- [Basecamp](mailto:security@basecamp.com)
- [Beanstalk](https://wildbit.wufoo.com/forms/wildbit-security-response)
- [BillGuard](https://cobalt.io/billguard)
- [Billys Billing](https://cobalt.io/billys-billing)
- [Binary.com](https://hackerone.com/binary)
- [Binary.com Cashier](https://hackerone.com/binary_cashier)
- [BitBandit.eu](https://cobalt.io/bitbandit-eu)
- [Bitcasa](mailto:security@bitcasa.com)
- [BitCasino](https://cobalt.io/bitcasino)
- [BitGo](https://cobalt.io/bitgo)
- [BitHealth](https://cobalt.io/bithealth)
- [BitHunt](https://hackerone.com/bithunt)
- [BitMEX](https://cobalt.io/bitmex)
- [Bitoasis](https://cobalt.io/bitoasis)
- [Bitpagos](https://cobalt.io/bitpagos)
- [Bitrated](https://cobalt.io/bitrated)
- [Bitreserve](https://cobalt.io/bitreserve)
- [Bitspark](https://cobalt.io/bitspark)
- [Bitwage](https://cobalt.io/bitwage)
- [BitWall](mailto:request@bitwall.io)
- [BitYes](https://cobalt.io/bityes)
- [BlackBerry](https://global.blackberry.com/secure/report-an-issue/en.html)
- [Blackboard](mailto:learnsecurity@blackboard.com)
- [Blackphone](https://bugcrowd.com/blackphone)
- [Blesta](mailto:security@blesta.com)
- [Block.io](https://hackerone.com/blockio)
- [Block.io, Inc.](https://cobalt.io/block-io-inc)
- [Blockchain.info](https://cobalt.io/blockchain-info)
- [BlockScore](https://cobalt.io/blockscore)
- [Bookfresh](https://hackerone.com/bookfresh)
- [Box](mailto:security-reports@box.com)
- [Braintree](mailto:security@braintreepayments.com)
- [Brussels Airlines](https://go.intigriti.com/brusselsairlines)
- [BTC_sx](https://cobalt.io/btc-sx)
- [Buffer](mailto:security@bufferapp.com)
- [BX.in.th](https://cobalt.io/bx-in-th)
- [C2FO](https://hackerone.com/c2fo)
- [Campaign Monitor](https://help.campaignmonitor.com/contact)
- [CARD.com](https://bugcrowd.com/card)
- [Catchafire](https://cobalt.io/catchafire)
- [Caviar](https://hackerone.com/caviar)
- [CCBill](mailto:bugrewards@ccbill.com)
- [CERT/CC](https://hackerone.com/cert)
- [Certly](https://hackerone.com/certly)
- [ChainPay](https://cobalt.io/chainpay)
- [ChangeTip](https://cobalt.io/changetip)
- [Chargify](https://bugcrowd.com/chargify)
- [Chromium Project](https://code.google.com/p/chromium/issues/entry?template=Security%20Bug)
- [Circle](https://cobalt.io/circle)
- [CircleCI](mailto:security@circleci.com)
- [Cisco](http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html#roosfassv)
- [ClickUp](https://clickup.com/bug-bounty)
- [Clojars](mailto:contact@clojars.org)
- [CloudFlare](https://hackerone.com/cloudflare)
- [Cobalt](https://cobalt.io/cobalt)
- [Code Climate](mailto:security@codeclimate.com)
- [CodeIgniter](https://hackerone.com/codeigniter)
- [CodePen](https://bugcrowd.com/codepen)
- [Coin Republic](https://cobalt.io/coin-republic)
- [Coin.Space](https://hackerone.com/coinspace)
- [Coinage](https://cobalt.io/coinage)
- [Coinbase](https://hackerone.com/coinbase)
- [CoinDaddy](https://cobalt.io/coindaddy)
- [Coinkite](mailto:feedback@coinkite.com?subject=%5BVulnerability%5D%20-%20)
- [Coinport](https://cobalt.io/coinport)
- [coins.ph](https://cobalt.io/coins-ph)
- [Cointrader.net](https://cobalt.io/cointrader-net)
- [Coinvoy](https://cobalt.io/coinvoy)
- [Collishop](https://go.intigriti.com/collishop)
- [Colruyt](https://go.intigriti.com/colruyt)
- [Compose](mailto:security@compose.io)
- [concrete5](https://hackerone.com/concrete5)
- [Constant Contact](mailto:vulnerability@constantcontact.com)
- [Counterparty](https://cobalt.io/counterparty)
- [Coupa](mailto:security@coupa.com)
- [Coursera](https://hackerone.com/coursera)
- [cPanel](mailto:security@cpanel.net)
- [cPaperless](mailto:support@cPaperless.com)
- [Crix.io](https://cobalt.io/crixio)
- [Cross Border Fines](https://go.intigriti.com/crossborderfines)
- [CrowdShield](https://crowdshield.com/bug-bounty-list.php?bug_bounty_program=crowdshield)
- [Cryptocat](https://github.com/cryptocat/cryptocat/issues)
- [Cupcake](mailto:security@cupcake.io)
- [CustomerInsight](mailto:admin@customerinsight.ca)
- [Cylance](https://hackerone.com/cylance)
- [Dato Capital](mailto:security%40datocapital.com)
- [Detectify](mailto:disclosure@detectify.com)
- [De Volkskrant](https://go.intigriti.com/devolkskrant)
- [Delen Private Bank](https://go.intigriti.com/delen)
- [DigitalOcean](mailto:security@digitalocean.com)
- [DigitalSellz](https://hackerone.com/digitalsellz)
- [Django](https://hackerone.com/django)
- [Doorkeeper](mailto:info@doorkeeper.jp)
- [DoSomething](https://cobalt.io/dosomething)
- [DPD](mailto:security@dpd.zendesk.com)
- [Dragon King](https://hackenproof.com/neverdie/dragon-king)
- [Dreambaby](https://go.intigriti.com/dreamland)
- [Dreamland](https://go.intigriti.com/dream)
- [Dropbox](https://hackerone.com/dropbox)
- [Dropbox Acquisitions](https://hackerone.com/dropbox-acquisitions)
- [Drupal](https://www.drupal.org/node/101494)
- [eBay](http://pages.ebay.com/securitycenter/Researchers.html)
- [Eclipse](mailto:security@eclipse.org)
- [eHealth Hub VZN KUL](https://go.intigriti.com/ehealthhubvznkul)
- [EMC](mailto:security_alert@emc.com)
- [Enano](mailto:security@enanocms.org)
- [Engine Yard](mailto:security@engineyard.com)
- [Envoy](https://hackerone.com/envoy)
- [Eobot](https://cobalt.io/eobot)
- [EthnoHub](mailto:security@ethnohub.com)
- [Etsy](https://www.etsy.com/bounty)
- [EVE](mailto:security@ccpgames.com)
- [Event Espresso](http://eventespresso.com/report-a-security-vulnerability)
- [Everitoken](https://hackenproof.com/everitoken/everitoken-blockchain)
- [Evernote](mailto:security@evernote.com)
- [EURid](https://go.intigriti.com/eurid)
- [Expatistan](mailto:gerardo@expatistan.com)
- [ExpressionEngine](https://hackerone.com/expressionengine)
- [Ezbob](https://cobalt.io/ezbob)
- [Facebook](https://www.facebook.com/whitehat)
- [Faceless](https://hackerone.com/faceless)
- [Factlink](https://hackerone.com/factlink)
- [FanFootage](https://hackerone.com/fanfootage)
- [FastSlots](https://cobalt.io/fastslots)
- [Flash](https://hackerone.com/flash)
- [Flood](mailto:support@flood.io)
- [Flow Dock](mailto:security@flowdock.com)
- [Flox](https://hackerone.com/flox)
- [Fluxiom](mailto:security@fluxiom.com)
- [Fog Creek](http://www.fogcreek.com/contact)
- [FormAssembly](mailto:security@formassembly.com)
- [Founder Bliss](https://cobalt.io/founder-bliss)
- [Foursquare](mailto:security@foursquare.com)
- [Freelancer](mailto:security-reporting@freelancer.com)
- [Gallery](mailto:security@galleryproject.org)
- [Gamma](mailto:security-alert@intergamma.nl)
- [Gemfury](mailto:security@gemfury.com)
- [General Motors](https://hackerone.com/gm)
- [GhostMail](https://hackerone.com/gmguys)
- [GitHub](https://bounty.github.com/submit-a-vulnerability.html)
- [GitLab](https://hackerone.com/gitlab)
- [GlassWire](https://hackerone.com/glasswire)
- [Gliph](mailto:security@gli.ph)
- [GlobaLeaks](https://hackerone.com/globaleaks)
- [Google PRP](mailto:security-patches@google.com)
- [Google VRP](https://www.google.com/about/appsecurity/reward-program/index.html)
- [Grammarly](https://hackerone.com/grammarly)
- [Gratipay](https://hackerone.com/gratipay)
- [GreenAddress](https://cobalt.io/greenaddress)
- [Greenhouse.io](https://hackerone.com/greenhouse)
- [Grok Learning](mailto:security@groklearning.com)
- [HackenProof](https://hackenproof.com/hacken/hackenproof)
- [HackerOne](https://hackerone.com/security)
- [Harmony](mailto:security@collectiveidea.com)
- [Heroku](https://bugcrowd.com/heroku)
- [Hex-Rays](mailto:bugbounty@hex-rays.com)
- [Hive Wallet](https://cobalt.io/hive-wallet)
- [Hootsuite](mailto:security@hootsuite.com)
- [HTC](mailto:security@htc.com)
- [Huawei](mailto:psirt@huawei.com)
- [Hubdia](https://hackerone.com/hubdia)
- [Humble Bundle](https://bugcrowd.com/humblebundle)
- [IAM KU Leuven](https://go.intigriti.com/kuleuvenlogin)
- [Ian Dunn](https://hackerone.com/iandunn-projects)
- [IBM](https://www.ibm.com/scripts/contact/contact/us/en/security_vulnerabilities)
- [ICEcoder](https://bugcrowd.com/icecoder)
- [Iconfinder](mailto:support@iconfinder.com)
- [Ifixit](mailto:security@ifixit.com)
- [Imgur](https://hackerone.com/imgur)
- [ImpressPages](https://cobalt.io/impresspages)
- [Indeed](https://bugcrowd.com/indeed)
- [Independent Reserve](https://cobalt.io/independent-reserve)
- [Informatica](https://hackerone.com/informatica)
- [IntegraXor](http://www.integraxor.com/support.html)
- [Internetwache](mailto:security@internetwache.org)
- [InVision](https://hackerone.com/invision)
- [IRCCloud](https://hackerone.com/irccloud)
- [itBit Exchange](https://hackerone.com/itbit)
- [ITRP](mailto:security@itrp.com)
- [itsme](https://go.intigriti.com/itsme)
- [joola.io](https://hackerone.com/joola-io)
- [Joomla](http://vel.joomla.org/submit-vel)
- [JRuby](mailto:security@jruby.org)
- [jsDelivr](https://hackerone.com/jsdelivr)
- [Juniper](mailto:sirt@juniper.net)
- [Kadira](https://hackerone.com/kadira)
- [Kaneva](mailto:security@kaneva.com)
- [Kayako](http://my.kayako.com/Tickets/Submit)
- [Kenna](https://bugcrowd.com/riskio)
- [Keybase](https://hackerone.com/keybase)
- [Khan Academy](https://hackerone.com/khanacademy)
- [SKB Kontur](https://kontur.ru/.well-known/security.txt)
- [Kraken](mailto:bugbounty@kraken.com)
- [Kinepolis](https://go.intigriti.com/kinepolis)
- [Kuna](https://hackenproof.com/kuna/kuna-crypto-exchange)
- [Lancor Income](https://cobalt.io/lancor-income)
- [LastPass](mailto:security@lastpass.com)
- [LaunchKey](mailto:security@launchkey.com)
- [Lean Testing](https://hackerone.com/leantesting)
- [Librato](mailto:security@librato.com)
- [LibSass](https://hackerone.com/libsass)
- [Liferay](mailto:security@liferay.com)
- [Line](https://bugbounty.linecorp.com/en/)
- [LinkedIn](mailto:security@linkedin.com)
- [LiveEnsure](http://www.liveensure.com/contact.php)
- [LocalBitcoins](https://cobalt.io/localbitcoins)
- [Localize](https://hackerone.com/localize)
- [Logentries](mailto:security@logentries.com)
- [Lookout](mailto:security@lookout.com)
- [Magento](mailto:security@magento.com)
- [MAGIX](mailto:security@magix.net)
- [Mahara](mailto:security@mahara.org)
- [MaiCoin](https://cobalt.io/maicoin)
- [Mail.Ru](https://hackerone.com/mailru)
- [Mailbird](https://cobalt.io/mailbird)
- [MailChimp](http://mailchimp.com/about/security-response/)
- [ManageBGL](https://cobalt.io/managebgl)
- [ManageWP](mailto:security@managewp.com)
- [MapLogin](https://hackerone.com/maplogin)
- [Marietje Schaake](https://go.intigriti.com/marietjeschaake)
- [Marktplaats](https://hackerone.com/marktplaats)
- [Mavenlink](https://hackerone.com/mavenlink)
- [Maximum](https://hackerone.com/maximum)
- [MCProHosting](https://bugcrowd.com/mcprohostings)
- [MEGA](mailto:bugs@mega.co.nz)
- [Mercury](https://cobalt.io/mercury)
- [Meteor](https://hackerone.com/meteor)
- [meXBT](https://cobalt.io/mexbt)
- [Microsoft](mailto:secure@microsoft.com)
- [Mimecast](mailto:disclosure@mimecast.com)
- [Mobile Vikings](https://go.intigriti.com/mobilevikings)
- [Mobile Vikings](https://hackerone.com/mobilevikings)
- [Modus CSR](mailto:security@moduscsr.com)
- [MoneyBird](mailto:security@moneybird.com)
- [MoneyStream](https://hackerone.com/moneystream)
- [Moodle](mailto:security@moodle.org)
- [Motorola Solutions](mailto:security@motorolasolutions.com)
- [Mozilla](https://www.mozilla.org/en-US/security/bug-bounty/)
- [mynxt.info](https://cobalt.io/mynxt-info)
- [NCSC](mailto:cert@ncsc.nl)
- [Nearby Live](https://hackerone.com/nearby)
- [Nest](mailto:security@nest.com)
- [Netflix](mailto:security-report@netflix.com)
- [Neverdie Smart Contract](https://hackenproof.com/neverdie/neverdie-smart-contract)
- [Neverdie Web](https://hackenproof.com/neverdie/neverdie-web)
- [Nexmo](https://cobalt.io/nexmo)
- [Nexuzhealth](https://go.intigriti.com/nexushealth)
- [Nexuzhealth Web PACS](https://go.intigriti.com/nexuzhealthwebpacs)
- [Nginx](https://hackerone.com/ibb-nginx)
- [Nitrous](mailto:security@nitrous.io)
- [Nokia Networks](mailto:security-alert@nokia.com)
- [NoPass](https://cobalt.io/nopass)
- [NZRS](mailto:security@nzrs.net.nz)
- [Offensive Security](mailto:security@offensive-security.com)
- [ok.ru](https://hackerone.com/ok)
- [OKCoin](https://cobalt.io/okcoin)
- [OkCupid](https://hackerone.com/okcupid)
- [Olark](mailto:security@olark.com)
- [OneSpan Mobile](https://go.intigriti.com/vascomobileproducts)
- [OneSpan Server Products](https://go.intigriti.com/vascoserver-sideproducts)
- [Opal Cryptocurrency](https://cobalt.io/opal-cryptocurrency)
- [Openfolio](https://hackerone.com/openfolio)
- [OpenSSL](https://hackerone.com/ibb-openssl)
- [OpenStack](https://security.openstack.org/#how-to-report-security-issues-to-openstack)
- [OpenText](mailto:otst@opentext.com)
- [Opera](https://bugs.opera.com/wizarddesktop)
- [Optimizely](https://cobalt.io/optimizely)
- [Oracle](mailto:secalert_us@oracle.com)
- [ownCloud](https://hackerone.com/owncloud)
- [PagerDuty](mailto:security@pagerduty.com)
- [Panasonic Avionics](https://hackerone.com/panasonic-aero)
- [Pantheon](https://bugcrowd.com/pantheon)
- [Panzura](mailto:security@panzura.com)
- [Paragon Initiative Enterprises](https://hackerone.com/paragonie)
- [Paychoice](mailto:security@paychoice.com.au)
- [PayMill](mailto:security@paymill.com)
- [PayPal](https://www.paypal.com/bugbounty/register)
- [Paytm](https://bugbounty.paytm.com)
- [Perl](https://hackerone.com/ibb-perl)
- [Phabricator](https://hackerone.com/phabricator)
- [PHP](https://bugs.php.net/report.php)
- [Pidgin](mailto:security@pidgin.im)
- [PikaPay](mailto:security@pikapay.com)
- [PinoyHackNews](mailto:admin@pinoyhacknews.com)
- [Pinterest](https://bugcrowd.com/pinterest)
- [Piwik Open Source Analytics](https://cobalt.io/piwik-open-source-analytics)
- [Plone](mailto:security@plone.org)
- [Pocket](mailto:security@getpocket.com)
- [Poloniex](https://cobalt.io/poloniex)
- [Postmark](https://wildbit.wufoo.com/forms/wildbit-security-response)
- [Prezi](mailto:security-bug-bounty@prezi.com)
- [Projectplace](https://hackerone.com/projectplace)
- [PullReview](mailto:security@pullreview.com)
- [Puppet labs](mailto:security@puppetlabs.com)
- [PureVPN](https://bugcrowd.com/purevpn)
- [Python](mailto:security@python.org)
- [QIWI](https://hackerone.com/qiwi)
- [Quadriga CX](https://cobalt.io/quadriga-cx)
- [QuickBT](https://cobalt.io/quickbt)
- [Quora](https://hackerone.com/quora)
- [Rackspace](mailto:security@rackspace.com)
- [Rdbhost_service](https://cobalt.io/rdbhost-service)
- [Red Hat](mailto:site-security@redhat.com)
- [Reddit](mailto:security@reddit.com)
- [Relaso](mailto:security@relaso.com)
- [RelateIQ](mailto:security@relateiq.com)
- [Release Wire](http://www.releasewire.com/about/contact)
- [Respondly](https://hackerone.com/respondly)
- [Revive Adserver](https://hackerone.com/revive_adserver)
- [Ribose](https://www.ribose.com/feedbacks/security)
- [Ripio](https://cobalt.io/ripio)
- [Ripple](mailto:bugs@ripple.com)
- [Riskalyze](mailto:security@riskalyze.com)
- [Romit](https://hackerone.com/romit)
- [Ruby](mailto:security@ruby-lang.org)
- [Ruby on Rails](https://hackerone.com/rails)
- [Salesforce](mailto:security@salesforce.com)
- [Samsung TV](https://samsungtvbounty.com/ReportBug.aspx)
- [Sandbox Escape](https://hackerone.com/sandbox)
- [SAP](mailto:secure@sap.com)
- [Schuberg Philis](mailto:abuse@schubergphilis.com)
- [Scorpion Software](mailto:security@scorpionsoft.com)
- [Secret](https://hackerone.com/secret)
- [Secure Works](mailto:security@secureworks.com)
- [Sellfy](http://docs.sellfy.com/contact)
- [Sentiance](https://go.intigriti.com/sentiance)
- [ServiceRocket](https://bugcrowd.com/servicerocket)
- [ShareLaTeX](mailto:team@sharelatex.com)
- [Sherpany](https://cobalt.io/sherpany)
- [Shopify](https://hackerone.com/shopify)
- [Sifter](mailto:security@sifterapp.com?subject=%27Security%20Vulnerability%20Report%27)
- [Silent Circle](https://bugcrowd.com/silentcircle)
- [Simple](https://bugcrowd.com/simple)
- [SiteGround](mailto:responsible-disclosure@siteground.com)
- [Skoodat](mailto:security@skoodat.com)
- [Skrill](https://cobalt.io/skrill)
- [Skyscanner](https://bugcrowd.com/skyscanner)
- [Slack](https://hackerone.com/slack)
- [Snapchat](https://hackerone.com/snapchat)
- [Snappy](mailto:security@userscape.com)
- [Sonatype](mailto:security@sonatype.com)
- [Sony](https://secure.sony.net/form)
- [SoundCloud](https://scsecurity.freshdesk.com/support/tickets/new)
- [Spaargids](https://go.intigriti.com/spaargids)
- [SpectroCoin](https://cobalt.io/spectrocoin)
- [Spendbitcoins](https://cobalt.io/spendbitcoins)
- [SplashID](https://bugcrowd.com/splashid)
- [Splitwise](mailto:security@splitwise.com)
- [Spotify](mailto:security@spotify.com)
- [Sprout Social](mailto:security@sproutsocial.com)
- [Square](https://hackerone.com/square)
- [Square Open Source](https://hackerone.com/square-open-source)
- [StatusPage](https://bugcrowd.com/sunrise)
- [StopTheHacker](https://hackerone.com/stopthehacker)
- [Student Assessment System](https://go.intigriti.com/printscan)
- [Studio 100](https://go.intigriti.com/studio100)
- [Subledger](https://cobalt.io/subledger)
- [Subrosa](https://cobalt.io/subrosa)
- [Sucuri](https://hackerone.com/sucuri)
- [Suivo](https://go.intigriti.com/suivoweb)
- [Symantec](mailto:secure@symantec.com)
- [Taptalk](https://hackerone.com/taptalk)
- [Tarsnap](mailto:cperciva@tarsnap.com)
- [TeamUnify](mailto:security@teamunify.com)
- [Tele2](mailto:beveiligingsmeldpunt@tele2.com)
- [Telekom](mailto:cert@telekom.de?subject=bug_bounty)
- [Telenet](https://go.intigriti.com/telenet)
- [Test-Aankoop](https://go.intigriti.com/testaankoop)
- [The Internet](https://hackerone.com/internet)
- [The Mastercoin Foundation](https://cobalt.io/the-mastercoin-foundation)
- [ThisData](https://hackerone.com/thisdata)
- [TimeTrex](https://cobalt.io/timetrex)
- [ToyTalk](https://hackerone.com/toytalk)
- [Trello](https://hackerone.com/trello)
- [Tuenti](http://corporate.tuenti.com/en/contact/security)
- [Tweakers](https://go.intigriti.com/tweakers)
- [Twilio](https://bugcrowd.com/twilio)
- [Twitch](mailto:security@twitch.tv)
- [Twitter](https://hackerone.com/twitter)
- [Uber](mailto:security-abuse@uber.com)
- [Ubiquiti Networks](https://hackerone.com/ubnt)
- [Unitag](mailto:security@unitag.io)
- [Urban Dictionary](https://hackerone.com/urbandictionary)
- [Uzbey](https://hackerone.com/uzbey)
- [Valve Software](mailto:security@valvesoftware.com)
- [VeChainThor](https://hackenproof.com/vechain/vechainthor)
- [VeChainThor Wallet](https://hackenproof.com/vechain/vechainthor-wallet)
- [VCE](mailto:security-alerts@vce.com)
- [Venmo](mailto:security@venmo.com)
- [Version Cake](https://hackerone.com/versioncake)
- [Viadeo](mailto:security@viadeo.com)
- [Vimeo](https://hackerone.com/vimeo)
- [VK.com](https://hackerone.com/vkcom)
- [Volusion](https://bugcrowd.com/volusion)
- [VPNSox](https://cobalt.io/vpnsox)
- [vulners.com](https://hackerone.com/vulnerscom)
- [Vultr](https://www.vultr.com/bug-bounty/)
- [Webconverger](mailto:security@webconverger.com)
- [Websecurify](http://campaigns.websecurify.com/money-for-bugs/#contact)
- [Weebly](https://cobalt.io/weebly)
- [WePay](https://hackerone.com/wepay)
- [Whisper](https://hackerone.com/whisper)
- [WHMCS](https://bugcrowd.com/whmcs)
- [Windthorst ISD](http://www.windthorstisd.net/BugReport.cfm)
- [withinsecurity](https://hackerone.com/withinsecurity)
- [WizeHive](mailto:security@wizehive.com)
- [Woorank](https://go.intigriti.com/woorank)
- [WordPoints](https://hackerone.com/wordpoints)
- [Wordware](https://cobalt.io/wordware)
- [WP API](https://hackerone.com/wp-api)
- [Xen Project](mailto:security@xenproject.org)
- [Xmarks](mailto:security@lastpass.com)
- [Yahoo](https://hackerone.com/yahoo)
- [Yandex](https://yandex.com/bugbounty/report)
- [Yanomo](mailto:support@yanomo.com)
- [Yesware](mailto:security@yesware.com)
- [Zapier](mailto:security@zapier.com)
- [Zaption](https://hackerone.com/zaption)
- [ZenCash](mailto:security@zencash.com)
- [Zendesk](https://hackerone.com/zendesk)
- [Zetetic](mailto:support@zetetic.net)
- [Ziggo](mailto:security@ziggo.nl)
- [Zimbra](mailto:security@zimbra.com)
- [Zoho](https://bugbounty.zoho.com/bb/info)
- [Zomato](https://hackerone.com/zomato)
- [Zopim](https://hackerone.com/zopim)
- [Zynga](mailto:whitehat@zynga.com)

## Aggregators

- [BountyHQ](https://bountyhq.secapps.com/)

## License

[![CC0](http://mirrors.creativecommons.org/presskit/buttons/88x31/svg/cc-zero.svg)](https://creativecommons.org/publicdomain/zero/1.0/)

To the extent possible under law, [Dheeraj Joshi](https://github.com/djadmin) has waived all copyright and related or neighboring rights to this work.