Jump to content
Nytro

Lista site-urilor care au un program Bug Bounty

Recommended Posts

Vom mentine aici o lista cu site-urile care au un program bug bounty.

Google

http://www.google.com/about/appsecurity/reward-program/

Facebook

https://www.facebook.com/whitehat/bounty

Mozilla

http://www.mozilla.org/security/bug-bounty.html

Paypal

https://www.paypal.com/us/webapps/mpp/security/reporting-security-issues

Secunia

http://secunia.com/community/research/svcrp/

Etsy

http://codeascraft.etsy.com/2012/09/11/announcing-the-etsy-security-bug-bounty-program/

Barracuda

http://www.barracudalabs.com/bugbounty/

----------------------------------------------------------------------------------------------

Site-uri care vor mentiona persoanele care le raporteaza vulnerabilitati:

Adobe

http://www.adobe.com/support/security/alertus.html

Twitter

https://twitter.com/about/security

EBay

http://pages.ebay.com/securitycenter/ResearchersAcknowledgement.html

Microsoft

http://technet.microsoft.com/en-us/security/ff852094.aspx

Apple

http://support.apple.com/kb/HT1318

Dropbox

https://www.dropbox.com/security

Reddit

http://code.reddit.com/wiki/help/whitehat

Github

https://help.github.com/articles/responsible-disclosure-of-security-vulnerabilities

Ifixit

http://www.ifixit.com/Info/responsible_disclosure

37 Signals

http://37signals.com/security-response

Twilio

http://www.twilio.com/blog/2012/03/reporting-security-vulnerabilities.html

Constant Contact

http://www.constantcontact.com/about-constant-contact/security/report-vulnerability.jsp

Engine Yard

http://www.engineyard.com/legal/responsible-disclosure-policy

Lastpass

https://lastpass.com/support_security.php

RedHat

https://access.redhat.com/knowledge/articles/66234

Acquia

https://www.acquia.com/how-report-security-issue

Zynga

http://company.zynga.com/security/whitehats

Owncloud

http://owncloud.org/security/policy

Tuenti

http://corporate.tuenti.com/en/dev/hall-of-fame

Soundcloud

http://help.soundcloud.com/customer/portal/articles/439715-responsible-disclosure

Nokia Siemens Networks

http://www.nokiasiemensnetworks.com/about-us/responsible-disclosure

Yandex Bug Bounty

http://company.yandex.com/security/hall-of-fame.xml 

Lista originala: List of Bug Bounty program for PenTesters and Ethical Hackers - E Hacker News

Lista este in curs de actualizare. Daca aveti ceva de completat, postati in acest topic si vom actualiza si aici.

  • Thanks 1
  • Upvote 1

Share this post


Link to post
Share on other sites

Share this post


Link to post
Share on other sites

Mozilla

security@mozilla.org

Security Center

http://www.mozilla.org/projects/security...olicy.html

Mozilla Foundation Security Advisories

Google

security@google.com

https://www.google.com/appserve/security...owod28bhr2

Facebook

Facebook

Paypal

sitesecurity@paypal.com

https://cms.paypal.com/cgi-bin/marketing...ity_issues

Etsy

Etsy - Your place to buy and sell all things handmade, vintage, and supplies

Wordpress

http://www.whitefirdesign.com/about/word...ogram.html

Commonsware

CommonsWare

CCBill

Sitemap | CCBill

Online Merchant Services for Payment Processing | CCBill

Vark

http://www.vark.com

Windthorstisd

Bug Report

Bug Bounty Websites for Products Vulnerability

Mozilla

Security Center

http://www.mozilla.org/security/known-vu...refox.html

Bugcrowd – Crowdsourced security testing. We run managed bug bounty programs for websites and mobile apps - Bugcrowd - NOTE: Bugcrowd runs managed bug bounty programs for business and you are notified when new Bugcrowd bug bounty programs are launched.

Facebook - Facebook

Etsy – Etsy - Help

Google – Program Rules – Application Security – Google

Paypal – https://www.paypal.com/us/webapps/mpp/se...ity-issues

Mozilla – Mozilla Security Bug Bounty Program

Piwik -http://piwik.org/security/

Barracuda – Barracuda Networks Security Bug Bounty Program

Yandex – Yandex.Company — Bug Bounty Program

Gallery - Bounties - Gallery Codex

CCBill – Sitemap | CCBill

GhostScript - Ghostscript: Bug bounty program

Qmail - http://cr.yp.to/djbdns/guarantee.html

AT&T - http://developer.att.com/developer/apiDe...d=10700235

Tarsnap - https://www.tarsnap.com/bugbounty.html

Samsung - https://samsungtvbounty.com/

Hex-Rays - https://www.hex-rays.com/bugbounty.shtml

Access - https://www.accessnow.org/prize

Ardour - http://ardour.org/bugbounty

Artifex Software - Ghostscript: Bug bounty program

Commonsware - CommonsWare

Vark - http://www.vark.com

Windthorstisd - Bug Report

BROKERS AND SECURITY COMPANIES

HP Zero-Day Initiative (ZDI) - Zero Day Initiative

COSINC - COSEINC - Advisory

Beyond Security - SecuriTeam Secure Disclosure

Exodus Intelligence - https://www.exodusintel.com/eip/

iDefense - https://www.verisigninc.com/en_US/produc...ndex.xhtml

White Fir Design - https://www.whitefirdesign.com/about/wor...ogram.html

Secunia - Vulnerability Reward - SVCRP Reporting Scheme - Secunia

ExploitHub - https://www.exploithub.com/request/index...trequests/

Insight Partners - https://gvp.isightpartners.com/program_d...§ion=0

Netragard - EAP | Netragard's SNOsoft Research Team

Mozilla

security@mozilla.org

http://www.mozilla.org/security

http://www.mozilla.org/projects/security/security-bugs-policy.html

http://www.mozilla.org/security/announce

Google

security@google.com

https://www.google.com/appserve/security-bugs/new?rl=xkp7zert49a5q6owod28bhr2

Facebook

http://www.facebook.com/whitehat/bounty

Paypal

sitesecurity@paypal.com

https://cms.paypal.com/cgi-bin/marketingweb?cmd=_render-content&content_ID=security/reporting_security_issues

Etsy

security-reports@etsy.com

http://www.etsy.com/help/article/2463

Wordpress

http://www.whitefirdesign.com/about/wordpress-security-bug-bounty-program.html

Commonsware

http://commonsware.com/bounty.html

CCBill

http://www.ccbill.com/developers/security/vulnerability-reward-program.php

http://www.ccbill.com/developers/security/rewards.php

Vark

http://www.vark.com

Windthorstisd

http://www.windthorstisd.net/BugReport.cfm

Bug Bounty Websites for Products Vulnerability

Mozilla

http://www.mozilla.org/security

http://www.mozilla.org/security/known-vulnerabilities/firefox.html

Google Chrome

http://www.chromium.org/Home/chromium-security/vulnerability-rewards-program

Zero Day Initiative

http://www.zerodayinitiative.com

Barracuda

bugbounty@barracuda.com

http://www.barracudalabs.com/bugbounty

http://www.barracudalabs.com/bugbounty/halloffame.html

Artifex Software

http://www.ghostscript.com/Bug_bounty_program.html

Hex Rays

http://www.hex-rays.com/bugbounty.shtml

Ardour

http://ardour.org/bugbounty

Piwik

http://piwik.org/security

Hall of Fame & Responsible Disclosure Websites(No Bounties)

Microsoft

http://technet.microsoft.com/en-us/security/cc308589

http://technet.microsoft.com/en-us/security/cc308575

http://technet.microsoft.com/en-us/security/cc261624

http://www.microsoft.com/security/msrc/default.aspx

http://technet.microsoft.com/en-us/security/ff852094.aspx

Apple

product-security@apple.com

http://support.apple.com/kb/HT1318

https://ssl.apple.com/support/security/

Adobe

http://www.adobe.com/support/security/bulletins/securityacknowledgments.html

http://www.adobe.com/support/security/alertus.html

IBM

http://www-03.ibm.com/security/secure-engineering/report.html

Twitter

https://twitter.com/about/security

http://support.twitter.com/groups/33-report-abuse-or-policy-violations/topics/122-reporting-violations/articles/477159-how-to-report-xss-api-and-other-security-vulnerabilities#

https://support.twitter.com/forms

Dropbox

security@dropbox.com

https://www.dropbox.com/security

https://www.dropbox.com/special_thanks

Cisco

http://tools.cisco.com/security/center/home.x#~alerts

Moodle

http://moodle.org/security

Drupal

http://drupal.org/security-team

Oracle

http://www.oracle.com/us/support/assurance/reporting/index.html

Symantec

http://www.symantec.com/security

Ebay

http://pages.ebay.com/securitycenter/Researchers.html

Twilio

http://www.twilio.com/blog/2012/03/reporting-security-vulnerabilities.html

37 Signals

http://37signals.com/security-response

Salesforce

http://www.salesforce.com/company/privacy/disclosure.jsp

Reddit

http://code.reddit.com/wiki/help/whitehat

Github

http://help.github.com/responsible-disclosure/

Ifixit

http://www.ifixit.com/Info/responsible_disclosure

Constant Contact

http://www.constantcontact.com/about-constant-contact/security/report-vulnerability.jsp

Zeggio

http://www.zeggio.com

Simplify

http://simplify-llc.com/simplify-security.html

Team Unify

http://www.teamunify.com/__corp__/security.php

Skoodat

http://www.skoodat.com/Security

Relaso

http://relaso.com/disclosure

Moduscsr

http://www.moduscsr.com/security_statement.php

Cloudnetz

http://cloudnetz.com/Legal/vulnerability-testing-policy.html

Emptrust

http://www.emptrust.com/Security.aspx

Apriva

http://www.apriva.com/security

Amazon

http://aws.amazon.com/security/vulnerability-reporting

SqaureUp

https://squareup.com/security/levels

G-Sec

http://www.g-sec.lu/responsible.disclosure.policy.html

Xen

http://www.xen.org/projects/security_vulnerability_process.html

Engine Yard

http://www.engineyard.com/legal/responsible-disclosure-policy

Lastpass

https://lastpass.com/support_security.php

RedHat

https://access.redhat.com/knowledge/articles/66234

Acquia

https://www.acquia.com/how-report-security-issue

Mahara

security@mahara.org

https://wiki.mahara.org/index.php/Security

Zynga

security@zynga.com

http://company.zynga.com/security/whitehats

Risk.io

https://www.risk.io/security

Opera

http://www.opera.com/security/policy

https://bugs.opera.com/wizarddesktop

http://my.opera.com/securitygroup/blog/2013/04/05/thanks-to-the-researchers

Owncloud

http://owncloud.org/security/policy

http://owncloud.org/security/hall-of-fame

Scorpion Soft

security@scorpionsoft.com

http://www.scorpionsoft.com/company/disclosurepolicy

Norada

http://norada.com/norada/crm/security_response

Cpaperless

http://www.cpaperless.com/securitystatement.aspx

Wizehive

http://www.wizehive.com/security

http://www.wizehive.com/special_thanks.html

Tuenti

http://corporate.tuenti.com/en/dev/hall-of-fame

Nokia Siemens

http://www.nokiasiemensnetworks.com/about-us/responsible-disclosure

Sound Cloud

http://help.soundcloud.com/customer/portal/articles/439715-responsible-disclosure

HTC

http://www.htc.com/us/legal/product-security

Neohapsis

http://www.neohapsis.com/disclosure.php

Nokia

security-alert@nokia.com

http://www.nokia.com/global/security/security

http://www.nokia.com/global/security/acknowledgements

BlackBerry

secure@blackberry.com

https://www.blackberry.com/profile/?eventId=8322

http://us.blackberry.com/business/topics/security/incident-response-team/collaborations.html

Heroku

security@heroku.com

https://policy.heroku.com/security

Chargify

security@chargify.com

https://chargify.com/security

Puppetlabs

http://puppetlabs.com/security

Good luck.

Edited by FiliBlox

Share this post


Link to post
Share on other sites

Si Cannabis Seeds | Buy Marijuana Seeds from #1 UK Online Store daca aveti nevoie de seminte..


<cs1@cannabis-seeds.co.uk>

Mar 28

HI EterNo
Thank you for pointing out the problem.

We will send you some seeds, can you forward us your address and we will get a pack of feminized seeds out to you.
regards

PS: am raportat un XSS

@dreiboy, nu.. nu mai am :) cauta si tu

@tedeus, cine a zis ca locuiesc in Romania?!

PS: am primit si semintele, 6.. si au iesit toate :>

Edited by EterNo

Share this post


Link to post
Share on other sites
Si Cannabis Seeds | Buy Marijuana Seeds from #1 UK Online Store daca aveti nevoie de seminte..


<cs1@cannabis-seeds.co.uk>

Mar 28

HI EterNo
Thank you for pointing out the problem.

We will send you some seeds, can you forward us your address and we will get a pack of feminized seeds out to you.
regards

PS: am raportat un XSS

nu mai ai vreo unu sa m-il imprumuti sa le dau mail? :)))

tare as avea nevoie de niste seminte

Share this post


Link to post
Share on other sites
Si Cannabis Seeds | Buy Marijuana Seeds from #1 UK Online Store daca aveti nevoie de seminte..


<cs1@cannabis-seeds.co.uk>

Mar 28

HI EterNo
Thank you for pointing out the problem.

We will send you some seeds, can you forward us your address and we will get a pack of feminized seeds out to you.
regards

PS: am raportat un XSS

@dreiboy, nu.. nu mai am :) cauta si tu

Dude, calmeaza-te. Vezi ca toate pachetele primite sunt monitorizate si, din cate stiu, in Romania, sunt interzise.... Asa ca, daca vrei alte probleme in afara de cele pe care ti le poti face numai din exploatarea de vulnerabilitati, da-le adresa ca sa primesti minunatie de seminte.

Puteai sa le spui frumos ca legea romana nu este asa de permisiva si ca, in schimb, accepti orice donatie pentru cateva cafele :). Parerea mea... Tu faci, pana la urma, ce doresti.

Share this post


Link to post
Share on other sites
Dude, calmeaza-te. Vezi ca toate pachetele primite sunt monitorizate si, din cate stiu, in Romania, sunt interzise.... Asa ca, daca vrei alte probleme in afara de cele pe care ti le poti face numai din exploatarea de vulnerabilitati, da-le adresa ca sa primesti minunatie de seminte.

Puteai sa le spui frumos ca legea romana nu este asa de permisiva si ca, in schimb, accepti orice donatie pentru cateva cafele :). Parerea mea... Tu faci, pana la urma, ce doresti.

off:In Romania THC-ul este interzis,semintele NU.Sunt si site-uri romanesti care vand.

on:cred ca ma apuc si eu de cautat bugs.pacat ca multe din ele nu platesc nimic.

Share this post


Link to post
Share on other sites

Bug Bounty

What is better than getting your exploit published on Packet Storm?

Getting paid when your exploit is published on Packet Storm!

Packet Storm is offering large sums of cash for well crafted code execution exploits.

Why is this program better than other bug bounty programs?

Other companies that buy exploits rarely share them with the public and once bought, require that the author does not share them. We are going the other direction on this idea. If the author of the exploit permits it, we plan to release them publicly after sixty days for everyone to download. Win - Win.

Why the disclosure?

Because it helps the greater good and is in-line with our initiative to provide security engineers the ability to test their systems for recently patched vulnerabilities.

I'm in. What are the next steps?

You can talk to us by sending an email to getpaid at packetstormsecurity.com with description of your exploit or by submitting the contact form below. Please do not send us the code at this step.

The list of targets that we are looking for moves constantly. If you believe that you can offer quality exploits that demonstrate full code execution, it is worth a discussion. It is vitally important that you can articulate what is being exploited, how it is being exploited, what systems and patch levels you have tested with, and that your work is 100% yours to sell. We will not accept exploits that already have public proof of concepts, nor will we accept known plagiarized work.

How much money can I make?

Different issues offer different levels of compensation. The typical payout for a working exploit ranges anywhere from $1,000 - $7,000 USD and there is the opportunity for even larger payouts if you have written some amazing zero-day. Nothing is off the table. That said, in the typical pay range, we're also soliciting code execution exploits for "0.5-day" vulnerabilities in mainstream software such as Microsoft Windows and Oracle Java that already have a published advisory but with no known working exploit.

Bug Bounty ? Packet Storm

Share this post


Link to post
Share on other sites

a inceput si microsoft sa ofere recompense financiare :)

Microsoft Launches $100,000 Bug Bounty Program | Threatpost

After years of saying that the company didn’t need a bug bounty program, Microsoft is starting one. The company today will announce the start of a new program that will pay security researchers up to $100,000 for serious vulnerabilities and as much as $50,000 for new defensive techniques that help protect against those flaws.

threatpost.com/microsoft-launches-100000-bug-bounty-program/

Share this post


Link to post
Share on other sites

https://samsungtvbounty.com/

  • Every entry which will be selected, after the evaluation by our security experts, will be rewarded with a bounty.
  • The monetary reward for one bounty is 1000 USD or more.
  • Only one bounty per security bug will be awarded.

Share this post


Link to post
Share on other sites
care e faza cu bugurile astea ? ce se intampla dak le accesez k am incercat si .... nimic :sad: :(

Iti bati capul cu prostii (a gresit Nytro ca te a lasat sa citesti) ... incearca altceva ;)

Share this post


Link to post
Share on other sites

Acele siteuri au un program bug bounty fix,dar si restu de siteuri cat de cat mari dau ceva bani daca ii ajuti,spre exemplu am luat 50 USD pentru un xss in fileice.net .

Share this post


Link to post
Share on other sites

Multe site-uri din urmatoarele au mai fost postate si imi cer scuze pentru aceasta

Google: If you find vulnerability in google , you will get reward as well as your name will be listed in the Google Hall of fame page. Details about Vulnerability Reward Program: Program Rules – Application Security – Google Hall of fame: The "0x0A List" – Application Security – Google - See more at: List of Bug Bounty program for PenTesters and Ethical Hackers - E Hacker News

Security Bug Bounty from facebook:

Minimum reward is $500 USD.

The reward will be increased for severe or creative bugs

Only 1 bounty per security bug will be awarded

https://www.facebook.com/whitehat/bounty

Mozilla Bug Bounty program:

The Mozilla Security Bug Bounty Program is designed to encourage security research in Mozilla software and to reward those who help us create the safest Internet clients in existence.

The bounty for valid web applications or services related security bugs, the are giving a range starting at $500 (US) for high severity and, in some cases, may pay up to $3000 (US) for extraordinary or critical vulnerabilities. they will also include a Mozilla T-shirt.

Mozilla Security Bug Bounty Program

Paypal Bug Bounty Program For Professional Researchers

https://www.paypal.com/us/webapps/mpp/security/reporting-security-issues

Secunia Vulnerability Coordination Reward Program (SVCRP)

SVCRP – a reward program incentive offered by Secunia to researchers who have discovered a vulnerability and would like a third party to confirm their findings and handle the coordination process with the vendor on their behalf: Vulnerability Reward - SVCRP Reporting Scheme - Secunia

Etsy :

Will pay a minimum of $500 for qualifying vulnerabilities, subject to a few conditions and with qualification determined by the Etsy Security Team.

Announcing the Etsy Security Bug Bounty Program

Bugcrowd - https://portal.bugcrowd.com/sign_up/

ASP 4 All - http://www.asp4all.nl/en/over-asp4all/responsible-disclosure

AT&T - http://developer.att.com/developer/apiDetailPage.jsp?passedItemId=10700235 - (To submit you need to sign up to the free Developer API program)

Avast! - http://www.avast.com/bug-bounty

Barracuda - http://barracudalabs.com/?page_id=3456

Coinbase - https://coinbase.com/whitehat

Chromium Project - http://www.chromium.org/Home/chromium-security/vulnerability-rewards-program

Cryptocat - https://crypto.cat/bughunt/

Facebook - http://www.facebook.com/whitehat/bounty/

Etsy - http://www.etsy.com/help/article/2463

Gallery - http://codex.gallery2.org/Bounties

Google - http://www.google.com/about/company/rewardprogram.html

Hex-Rays - http://www.hex-rays.com/bugbounty.shtml

Kaneva - http://docs.kaneva.com/mediawiki/index.php/Bug_Bounty

IntegraXor (SCADA) - http://www.integraxor.com/blog/integraxor-hmi-scada-bug-bounty-program

LaunchKey - https://launchkey.com/docs/whitehat

ManageWP - https://managewp.com/white-hat-reward

Marktplatts - http://statisch.marktplaats.nl/help/responsible_disclosure_policy_en.html

Mega.co.nz - http://thenextweb.com/insider/2013/02/01/kim-dotcom-puts-up-13500-bounty-for-first-person-to-break-megas-security-system/

Meraki - http://www.meraki.com/trust/#srp

Microsoft - http://www.microsoft.com/security/msrc/report/bountyprograms.aspx

Mozilla - http://www.mozilla.org/security/bug-bounty.html

Paypal - https://www.paypal.com/us/webapps/mpp/security/reporting-security-issues

PikaPay - https://www.pikapay.com/pikapay-security-policy/

Piwik - http://piwik.org/security/

Ripple - https://ripple.com/bug-bounty/

Samsung - https://samsungtvbounty.com/

Simple - https://www.simple.com/policies/website-security/

Tarsnap - https://www.tarsnap.com/bugbounty.html

Qmail - http://cr.yp.to/djbdns/guarantee.html

Yandex - http://company.yandex.com/security/index.xml

Access - https://www.accessnow.org/prize

PRODUCT AND SERVICES (HALL OF FAME + SWAG)

Atlassian - https://confluence.atlassian.com/display/SUPPORT/How+to+Report+a+Security+Issue

Dropbox - https://www.dropbox.com/special_thanks (Reward: T-shirt)

Engineyard - https://www.engineyard.com/legal/responsible-disclosure-policy (Reward: T-shirt)

Github - https://help.github.com/articles/responsible-disclosure-of-security-vulnerabilities (Reward: T-shirt and stickers)

ifixit - http://www.ifixit.com/Info/Responsible_Disclosure (Reward: T-shirt)

Paymill - https://www.paymill.com/en-gb/support-3/worth-knowing/security/ (Reward: T-shirt)

Schuberg Philis - http://www.schubergphilis.com/newsroom/library/downloads-policies/responsible-disclosure-policy/

Soundcloud - http://help.soundcloud.com/customer/portal/articles/439715-responsible-disclosure (Reward: T-shirt)

Yahoo - http://security.yahoo.com (Reward: T-shirt)

PRODUCT AND SERVICES (HALL OF FAME ONLY)

Acquia - https://www.acquia.com/how-report-security-issue

ActiveProspect - http://activeprospect.com/activeprospect-security/

Adobe - http://www.adobe.com/support/security/alertus.html

Amazon.com (retail) - please email details to security@amazon.com

Android Free Apps - http://www.androidfreeapp.net/security-researcher-acknowledgments/

Apple - http://support.apple.com/kb/HT1318

Blackberry - http://us.blackberry.com/business/topics/security/incident-response-team/collaborations.html

Braintree - https://www.braintreepayments.com/developers/disclosure

Card - https://www.card.com/responsible-disclosure-policy

cPaperless - http://www.cpaperless.com/securitystatement.aspx

Chargify - https://chargify.com/security/

eBay - http://pages.ebay.com/securitycenter/ResearchersAcknowledgement.html

EVE - http://community.eveonline.com/devblog.asp?a=blog&nbid=2384

Freelancer - http://www.freelancer.com/info/vulnerability-submission.php

Future Of Enforcement - http://futureofenforcement.com/?page_id=695

Gitlab - http://blog.gitlab.com/responsible-disclosure-policy/

Gliph - https://gli.ph/s/security.html

Harmony - http://get.harmonyapp.com/security/

lastpass - https://lastpass.com/support_security.php

Mahara - https://wiki.mahara.org/index.php/Contributors#Security_Researchers

MailChimp - http://mailchimp.com/about/security-response/

Microsoft (Online Services) - http://technet.microsoft.com/en-us/security/cc308589

Netflix - http://support.netflix.com/en/node/6657#gsc.tab=0

Nokia - http://www.nokia.com/global/security/acknowledgements/

Nokia Siemens Networks - http://www.nokiasiemensnetworks.com/about-us/responsible-disclosure

Norada - http://norada.com/crm-software/security_response

Owncloud - http://owncloud.org/about/security/hall-of-fame/

Opera - https://bugs.opera.com/wizarddesktop/

Oracle - http://:oracle.com/technetwork/topics/security/securityfixlifecycle-086982.html

Puppet Labs - https://puppetlabs.com/security/acknowledgments/

RedHat - https://access.redhat.com/knowledge/articles/66234

Risk.io - https://www.risk.io/security

Sellfy - https://sellfy.com/security/

Spotify - https://www.spotify.com/us/about-us/contact/report-security-issues/

Sprout Social - http://sproutsocial.com/responsible-disclosure-policy

37signals - https://37signals.com/security-response

Tuenti - http://corporate.tuenti.com/en/dev/hall-of-fame

Twilio - https://www.twilio.com/docs/security/disclosure

Twitter - https://twitter.com/about/security

WizeHive - http://www.wizehive.com/special_thanks.html

Xmarks - https://buy.xmarks.com/security.php

Zendesk - http://www.zendesk.com/company/responsible-disclosure-policy

Zynga - http://company.zynga.com/security/whitehats

PRODUCTS AND SERVICES (NO REWARD)

Amazon Web Services (AWS) - http://aws.amazon.com/security/vulnerability-reporting

Apriva - http://www.apriva.com/security

Authy - https://www.authy.com/security-issue

Blackboard - http://www.blackboard.com/footer/security-policy.aspx

Box - https://www.box.com/about-us/security/

Cisco - http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html#roosfassv

Cloudnetz - http://cloudnetz.com/Legal/vulnerability-testing-policy.html

Contant Contact - http://www.constantcontact.com/about-constant-contact/security/report-vulnerability.jsp

Coupa - http://trust.coupa.com/home/security/coupa-vulnerability-reporting-policy

Drupal - https://drupal.org/security-team

EMC2 - http://www.emc.com/contact-us/contact/product-security-response-center.htm

Emptrust - http://www.emptrust.com/Security.aspx

Heroku - https://policy.heroku.com/security

HTC - http://www.htc.com/us/terms/product-security/

IBM - http://www-03.ibm.com/security/secure-engineering/report.html

LinkedIn - http://help.linkedin.com/app/answers/detail/a_id/37022

Lookout - https://www.lookout.com/responsible-disclosure

Modus CSR - http://www.moduscsr.com/security_statement.php

Panzura - http://panzura.com/support/panzura-security-policy/

Pop Group - http://www.popgroupglobal.com/security.php

Reddit - http://code.reddit.com/wiki/help/whitehat

Relaso - http://relaso.com/disclosure

Salesforce - http://www.salesforce.com/company/privacy/security.jsp#vulnerability

Simplify - http://simplify-llc.com/simplify-security.html

Skoodat - http://www.skoodat.com/security

Scorpion Software - http://www.scorpionsoft.com/company/disclosurepolicy/

Snappy - http://www.besnappy.com/security

Square - https://squareup.com/security/levels

Symantec - http://www.symantec.com/security/

Team Unify - http://www.teamunify.com/__corp__/security.php

Viadeo - http://www.viadeo.com/aide/security/

VSR - http://www.vsecurity.com/company/disclosure

Xen - http://www.xen.org/projects/security_vulnerability_process.html

BROKERS AND SECURITY COMPANIES

Beyond Security - http://www.beyondsecurity.com/ssd.html

COSINC - http://www.coseinc.com/en/index.php?rt=advisory

Exodus Intelligence - https://www.exodusintel.com/eip/

ExploitHub - https://www.exploithub.com/request/index/developmentrequests/

HP Zero-Day Initiative (ZDI) - http://www.zerodayinitiative.com/about/benefits/

iDefense - https://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/vulnerability-intelligence/index.xhtml

Insight Partners - https://gvp.isightpartners.com/program_details.gvp?page=3&title=1&section=0

Netragard - http://pentest.snosoft.com/netragards-eap/

Packet Storm - http://packetstormsecurity.com/bugbounty

Secunia - http://secunia.com/community/research/svcrp

White Fir Design - https://www.whitefirdesign.com/about/wordpress-security-bug-bounty-program.html

Edited by djcata112

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...