Nytro Posted April 13, 2013 Report Posted April 13, 2013 Vom mentine aici o lista cu site-urile care au un program bug bounty.Googlehttp://www.google.com/about/appsecurity/reward-program/Facebookhttps://www.facebook.com/whitehat/bountyMozillahttp://www.mozilla.org/security/bug-bounty.htmlPaypalhttps://www.paypal.com/us/webapps/mpp/security/reporting-security-issuesSecuniahttp://secunia.com/community/research/svcrp/Etsyhttp://codeascraft.etsy.com/2012/09/11/announcing-the-etsy-security-bug-bounty-program/Barracudahttp://www.barracudalabs.com/bugbounty/----------------------------------------------------------------------------------------------Site-uri care vor mentiona persoanele care le raporteaza vulnerabilitati:Adobehttp://www.adobe.com/support/security/alertus.htmlTwitterhttps://twitter.com/about/securityEBayhttp://pages.ebay.com/securitycenter/ResearchersAcknowledgement.htmlMicrosofthttp://technet.microsoft.com/en-us/security/ff852094.aspxApplehttp://support.apple.com/kb/HT1318Dropboxhttps://www.dropbox.com/securityReddithttp://code.reddit.com/wiki/help/whitehatGithubhttps://help.github.com/articles/responsible-disclosure-of-security-vulnerabilitiesIfixithttp://www.ifixit.com/Info/responsible_disclosure37 Signalshttp://37signals.com/security-responseTwiliohttp://www.twilio.com/blog/2012/03/reporting-security-vulnerabilities.htmlConstant Contacthttp://www.constantcontact.com/about-constant-contact/security/report-vulnerability.jspEngine Yardhttp://www.engineyard.com/legal/responsible-disclosure-policyLastpasshttps://lastpass.com/support_security.phpRedHathttps://access.redhat.com/knowledge/articles/66234Acquiahttps://www.acquia.com/how-report-security-issueZyngahttp://company.zynga.com/security/whitehatsOwncloudhttp://owncloud.org/security/policyTuentihttp://corporate.tuenti.com/en/dev/hall-of-fameSoundcloudhttp://help.soundcloud.com/customer/portal/articles/439715-responsible-disclosureNokia Siemens Networkshttp://www.nokiasiemensnetworks.com/about-us/responsible-disclosureYandex Bug Bountyhttp://company.yandex.com/security/hall-of-fame.xml Lista originala: List of Bug Bounty program for PenTesters and Ethical Hackers - E Hacker NewsLista este in curs de actualizare. Daca aveti ceva de completat, postati in acest topic si vom actualiza si aici. 1 Quote
xPowerSource Posted April 13, 2013 Report Posted April 13, 2013 Mega.co.nz -> https://mega.co.nz/#blog_6 Quote
B7ackAnge7z Posted April 13, 2013 Report Posted April 13, 2013 (edited) Informa?ia despre compania Yandex este pu?in gre?it? — de curând au început s? ofere ?i ceva b?nu?i:Yandex.Company — Bug Bounty ProgramDe asemenea mai po?i ad?uga:Zero Day Initiativehttps://samsungtvbounty.com/https://www.hex-rays.com/bugbounty.shtmlGhostscript: Bug bounty programOnline Merchant Services for Payment Processing | CCBillhttp://piwik.org/security/http://www.avast.com/bug-bounty Edited April 13, 2013 by B7ackAnge7z Quote
FiliBlox Posted April 13, 2013 Report Posted April 13, 2013 (edited) Mozillasecurity@mozilla.orgSecurity Centerhttp://www.mozilla.org/projects/security...olicy.htmlMozilla Foundation Security AdvisoriesGooglesecurity@google.comhttps://www.google.com/appserve/security...owod28bhr2FacebookFacebookPaypalsitesecurity@paypal.comhttps://cms.paypal.com/cgi-bin/marketing...ity_issuesEtsyEtsy - Your place to buy and sell all things handmade, vintage, and suppliesWordpresshttp://www.whitefirdesign.com/about/word...ogram.htmlCommonswareCommonsWareCCBillSitemap | CCBillOnline Merchant Services for Payment Processing | CCBillVarkhttp://www.vark.comWindthorstisdBug ReportBug Bounty Websites for Products VulnerabilityMozillaSecurity Centerhttp://www.mozilla.org/security/known-vu...refox.htmlBugcrowd – Crowdsourced security testing. We run managed bug bounty programs for websites and mobile apps - Bugcrowd - NOTE: Bugcrowd runs managed bug bounty programs for business and you are notified when new Bugcrowd bug bounty programs are launched.Facebook - FacebookEtsy – Etsy - HelpGoogle – Program Rules – Application Security – GooglePaypal – https://www.paypal.com/us/webapps/mpp/se...ity-issuesMozilla – Mozilla Security Bug Bounty ProgramPiwik -http://piwik.org/security/Barracuda – Barracuda Networks Security Bug Bounty ProgramYandex – Yandex.Company — Bug Bounty ProgramGallery - Bounties - Gallery CodexCCBill – Sitemap | CCBillGhostScript - Ghostscript: Bug bounty programQmail - http://cr.yp.to/djbdns/guarantee.htmlAT&T - http://developer.att.com/developer/apiDe...d=10700235Tarsnap - https://www.tarsnap.com/bugbounty.htmlSamsung - https://samsungtvbounty.com/Hex-Rays - https://www.hex-rays.com/bugbounty.shtmlAccess - https://www.accessnow.org/prizeArdour - http://ardour.org/bugbountyArtifex Software - Ghostscript: Bug bounty programCommonsware - CommonsWareVark - http://www.vark.comWindthorstisd - Bug ReportBROKERS AND SECURITY COMPANIESHP Zero-Day Initiative (ZDI) - Zero Day InitiativeCOSINC - COSEINC - AdvisoryBeyond Security - SecuriTeam Secure DisclosureExodus Intelligence - https://www.exodusintel.com/eip/iDefense - https://www.verisigninc.com/en_US/produc...ndex.xhtmlWhite Fir Design - https://www.whitefirdesign.com/about/wor...ogram.htmlSecunia - Vulnerability Reward - SVCRP Reporting Scheme - SecuniaExploitHub - https://www.exploithub.com/request/index...trequests/Insight Partners - https://gvp.isightpartners.com/program_d...§ion=0Netragard - EAP | Netragard's SNOsoft Research TeamMozillasecurity@mozilla.orghttp://www.mozilla.org/securityhttp://www.mozilla.org/projects/security/security-bugs-policy.htmlhttp://www.mozilla.org/security/announceGooglesecurity@google.comhttps://www.google.com/appserve/security-bugs/new?rl=xkp7zert49a5q6owod28bhr2Facebookhttp://www.facebook.com/whitehat/bountyPaypalsitesecurity@paypal.comhttps://cms.paypal.com/cgi-bin/marketingweb?cmd=_render-content&content_ID=security/reporting_security_issuesEtsysecurity-reports@etsy.comhttp://www.etsy.com/help/article/2463Wordpresshttp://www.whitefirdesign.com/about/wordpress-security-bug-bounty-program.htmlCommonswarehttp://commonsware.com/bounty.htmlCCBillhttp://www.ccbill.com/developers/security/vulnerability-reward-program.phphttp://www.ccbill.com/developers/security/rewards.phpVarkhttp://www.vark.comWindthorstisdhttp://www.windthorstisd.net/BugReport.cfmBug Bounty Websites for Products VulnerabilityMozillahttp://www.mozilla.org/securityhttp://www.mozilla.org/security/known-vulnerabilities/firefox.htmlGoogle Chromehttp://www.chromium.org/Home/chromium-security/vulnerability-rewards-programZero Day Initiativehttp://www.zerodayinitiative.comBarracudabugbounty@barracuda.comhttp://www.barracudalabs.com/bugbountyhttp://www.barracudalabs.com/bugbounty/halloffame.htmlArtifex Softwarehttp://www.ghostscript.com/Bug_bounty_program.htmlHex Rayshttp://www.hex-rays.com/bugbounty.shtmlArdourhttp://ardour.org/bugbountyPiwikhttp://piwik.org/securityHall of Fame & Responsible Disclosure Websites(No Bounties)Microsofthttp://technet.microsoft.com/en-us/security/cc308589http://technet.microsoft.com/en-us/security/cc308575http://technet.microsoft.com/en-us/security/cc261624http://www.microsoft.com/security/msrc/default.aspxhttp://technet.microsoft.com/en-us/security/ff852094.aspxAppleproduct-security@apple.comhttp://support.apple.com/kb/HT1318https://ssl.apple.com/support/security/Adobehttp://www.adobe.com/support/security/bulletins/securityacknowledgments.htmlhttp://www.adobe.com/support/security/alertus.htmlIBMhttp://www-03.ibm.com/security/secure-engineering/report.htmlTwitterhttps://twitter.com/about/securityhttp://support.twitter.com/groups/33-report-abuse-or-policy-violations/topics/122-reporting-violations/articles/477159-how-to-report-xss-api-and-other-security-vulnerabilities#https://support.twitter.com/formsDropboxsecurity@dropbox.comhttps://www.dropbox.com/securityhttps://www.dropbox.com/special_thanksCiscohttp://tools.cisco.com/security/center/home.x#~alertsMoodlehttp://moodle.org/securityDrupalhttp://drupal.org/security-teamOraclehttp://www.oracle.com/us/support/assurance/reporting/index.htmlSymantechttp://www.symantec.com/securityEbayhttp://pages.ebay.com/securitycenter/Researchers.htmlTwiliohttp://www.twilio.com/blog/2012/03/reporting-security-vulnerabilities.html37 Signalshttp://37signals.com/security-responseSalesforcehttp://www.salesforce.com/company/privacy/disclosure.jspReddithttp://code.reddit.com/wiki/help/whitehatGithubhttp://help.github.com/responsible-disclosure/Ifixithttp://www.ifixit.com/Info/responsible_disclosureConstant Contacthttp://www.constantcontact.com/about-constant-contact/security/report-vulnerability.jspZeggiohttp://www.zeggio.comSimplifyhttp://simplify-llc.com/simplify-security.htmlTeam Unifyhttp://www.teamunify.com/__corp__/security.phpSkoodathttp://www.skoodat.com/SecurityRelasohttp://relaso.com/disclosureModuscsrhttp://www.moduscsr.com/security_statement.phpCloudnetzhttp://cloudnetz.com/Legal/vulnerability-testing-policy.htmlEmptrusthttp://www.emptrust.com/Security.aspxAprivahttp://www.apriva.com/securityAmazonhttp://aws.amazon.com/security/vulnerability-reportingSqaureUphttps://squareup.com/security/levelsG-Sechttp://www.g-sec.lu/responsible.disclosure.policy.htmlXenhttp://www.xen.org/projects/security_vulnerability_process.htmlEngine Yardhttp://www.engineyard.com/legal/responsible-disclosure-policyLastpasshttps://lastpass.com/support_security.phpRedHathttps://access.redhat.com/knowledge/articles/66234Acquiahttps://www.acquia.com/how-report-security-issueMaharasecurity@mahara.orghttps://wiki.mahara.org/index.php/SecurityZyngasecurity@zynga.comhttp://company.zynga.com/security/whitehatsRisk.iohttps://www.risk.io/securityOperahttp://www.opera.com/security/policyhttps://bugs.opera.com/wizarddesktophttp://my.opera.com/securitygroup/blog/2013/04/05/thanks-to-the-researchersOwncloudhttp://owncloud.org/security/policyhttp://owncloud.org/security/hall-of-fameScorpion Softsecurity@scorpionsoft.comhttp://www.scorpionsoft.com/company/disclosurepolicyNoradahttp://norada.com/norada/crm/security_responseCpaperlesshttp://www.cpaperless.com/securitystatement.aspxWizehivehttp://www.wizehive.com/securityhttp://www.wizehive.com/special_thanks.htmlTuentihttp://corporate.tuenti.com/en/dev/hall-of-fameNokia Siemenshttp://www.nokiasiemensnetworks.com/about-us/responsible-disclosureSound Cloudhttp://help.soundcloud.com/customer/portal/articles/439715-responsible-disclosureHTChttp://www.htc.com/us/legal/product-securityNeohapsishttp://www.neohapsis.com/disclosure.phpNokiasecurity-alert@nokia.comhttp://www.nokia.com/global/security/securityhttp://www.nokia.com/global/security/acknowledgementsBlackBerrysecure@blackberry.comhttps://www.blackberry.com/profile/?eventId=8322http://us.blackberry.com/business/topics/security/incident-response-team/collaborations.htmlHerokusecurity@heroku.comhttps://policy.heroku.com/securityChargifysecurity@chargify.comhttps://chargify.com/securityPuppetlabshttp://puppetlabs.com/securityGood luck. Edited April 13, 2013 by FiliBlox Quote
EterNo Posted April 14, 2013 Report Posted April 14, 2013 (edited) Si Cannabis Seeds | Buy Marijuana Seeds from #1 UK Online Store daca aveti nevoie de seminte..<cs1@cannabis-seeds.co.uk>Mar 28HI EterNoThank you for pointing out the problem. We will send you some seeds, can you forward us your address and we will get a pack of feminized seeds out to you.regardsPS: am raportat un XSS@dreiboy, nu.. nu mai am cauta si tu@tedeus, cine a zis ca locuiesc in Romania?!PS: am primit si semintele, 6.. si au iesit toate :> Edited May 26, 2013 by EterNo Quote
dreiboy Posted April 14, 2013 Report Posted April 14, 2013 Si Cannabis Seeds | Buy Marijuana Seeds from #1 UK Online Store daca aveti nevoie de seminte..<cs1@cannabis-seeds.co.uk>Mar 28HI EterNoThank you for pointing out the problem. We will send you some seeds, can you forward us your address and we will get a pack of feminized seeds out to you.regardsPS: am raportat un XSSnu mai ai vreo unu sa m-il imprumuti sa le dau mail? )tare as avea nevoie de niste seminte Quote
tedeus Posted April 14, 2013 Report Posted April 14, 2013 Si Cannabis Seeds | Buy Marijuana Seeds from #1 UK Online Store daca aveti nevoie de seminte..<cs1@cannabis-seeds.co.uk>Mar 28HI EterNoThank you for pointing out the problem. We will send you some seeds, can you forward us your address and we will get a pack of feminized seeds out to you.regardsPS: am raportat un XSS@dreiboy, nu.. nu mai am cauta si tuDude, calmeaza-te. Vezi ca toate pachetele primite sunt monitorizate si, din cate stiu, in Romania, sunt interzise.... Asa ca, daca vrei alte probleme in afara de cele pe care ti le poti face numai din exploatarea de vulnerabilitati, da-le adresa ca sa primesti minunatie de seminte. Puteai sa le spui frumos ca legea romana nu este asa de permisiva si ca, in schimb, accepti orice donatie pentru cateva cafele . Parerea mea... Tu faci, pana la urma, ce doresti. Quote
S.R.I Posted April 14, 2013 Report Posted April 14, 2013 Dude, calmeaza-te. Vezi ca toate pachetele primite sunt monitorizate si, din cate stiu, in Romania, sunt interzise.... Asa ca, daca vrei alte probleme in afara de cele pe care ti le poti face numai din exploatarea de vulnerabilitati, da-le adresa ca sa primesti minunatie de seminte. Puteai sa le spui frumos ca legea romana nu este asa de permisiva si ca, in schimb, accepti orice donatie pentru cateva cafele . Parerea mea... Tu faci, pana la urma, ce doresti.off:In Romania THC-ul este interzis,semintele NU.Sunt si site-uri romanesti care vand.on:cred ca ma apuc si eu de cautat bugs.pacat ca multe din ele nu platesc nimic. Quote
carter2408 Posted April 20, 2013 Report Posted April 20, 2013 tresorit | we encrypt – you share ofera 10.000 euro Quote
Active Members Fi8sVrs Posted May 4, 2013 Active Members Report Posted May 4, 2013 Bug BountyWhat is better than getting your exploit published on Packet Storm?Getting paid when your exploit is published on Packet Storm!Packet Storm is offering large sums of cash for well crafted code execution exploits.Why is this program better than other bug bounty programs?Other companies that buy exploits rarely share them with the public and once bought, require that the author does not share them. We are going the other direction on this idea. If the author of the exploit permits it, we plan to release them publicly after sixty days for everyone to download. Win - Win.Why the disclosure?Because it helps the greater good and is in-line with our initiative to provide security engineers the ability to test their systems for recently patched vulnerabilities.I'm in. What are the next steps?You can talk to us by sending an email to getpaid at packetstormsecurity.com with description of your exploit or by submitting the contact form below. Please do not send us the code at this step.The list of targets that we are looking for moves constantly. If you believe that you can offer quality exploits that demonstrate full code execution, it is worth a discussion. It is vitally important that you can articulate what is being exploited, how it is being exploited, what systems and patch levels you have tested with, and that your work is 100% yours to sell. We will not accept exploits that already have public proof of concepts, nor will we accept known plagiarized work.How much money can I make?Different issues offer different levels of compensation. The typical payout for a working exploit ranges anywhere from $1,000 - $7,000 USD and there is the opportunity for even larger payouts if you have written some amazing zero-day. Nothing is off the table. That said, in the typical pay range, we're also soliciting code execution exploits for "0.5-day" vulnerabilities in mainstream software such as Microsoft Windows and Oracle Java that already have a published advisory but with no known working exploit.Bug Bounty ? Packet Storm Quote
florin_darck Posted May 4, 2013 Report Posted May 4, 2013 Bugcrowd Updated listList of bug bounty programs - Bugcrowd Quote
1337 Posted June 13, 2013 Report Posted June 13, 2013 Wall of fame : https://www.paypal.com/webapps/mpp/security-tools/wall-of-fameUpdated terms and conditions : https://www.paypal.com/webapps/mpp/preview/security-tools/reporting-security-issues Quote
malsploit Posted June 19, 2013 Report Posted June 19, 2013 a inceput si microsoft sa ofere recompense financiare Microsoft Launches $100,000 Bug Bounty Program | ThreatpostAfter years of saying that the company didn’t need a bug bounty program, Microsoft is starting one. The company today will announce the start of a new program that will pay security researchers up to $100,000 for serious vulnerabilities and as much as $50,000 for new defensive techniques that help protect against those flaws.threatpost.com/microsoft-launches-100000-bug-bounty-program/ Quote
florin_darck Posted June 19, 2013 Report Posted June 19, 2013 a inceput si microsoft sa ofere recompense financiare Microsoft Launches $100,000 Bug Bounty Program | Threatpostthreatpost.com/microsoft-launches-100000-bug-bounty-program/Din pacate "not for bugs in web applications" .. Quote
Active Members akkiliON Posted July 5, 2013 Active Members Report Posted July 5, 2013 http://www.schubergphilis.com/newsroom/library/downloads-policies/responsible-disclosure-policy/BountyWe appreciate your findings and in exchange we offer any one of the following:- a t-shirt from Thinkgeek or Jinx- a donation to Room To Read Quote
Nytro Posted July 20, 2013 Author Report Posted July 20, 2013 https://samsungtvbounty.com/Every entry which will be selected, after the evaluation by our security experts, will be rewarded with a bounty.The monetary reward for one bounty is 1000 USD or more.Only one bounty per security bug will be awarded. Quote
D4ny Posted July 25, 2013 Report Posted July 25, 2013 care e faza cu bugurile astea ? ce se intampla dak le accesez k am incercat si .... nimic :sad: Quote
nacks Posted July 25, 2013 Report Posted July 25, 2013 care e faza cu bugurile astea ? ce se intampla dak le accesez k am incercat si .... nimic :sad: Iti bati capul cu prostii (a gresit Nytro ca te a lasat sa citesti) ... incearca altceva Quote
malsploit Posted July 25, 2013 Report Posted July 25, 2013 care e faza cu bugurile astea ? ce se intampla dak le accesez k am incercat si .... nimic :sad: citeste aici https://rstforums.com/forum/67995-informatii-despre-programele-bug-bounty.rst Quote
FarSe Posted July 25, 2013 Report Posted July 25, 2013 Acele siteuri au un program bug bounty fix,dar si restu de siteuri cat de cat mari dau ceva bani daca ii ajuti,spre exemplu am luat 50 USD pentru un xss in fileice.net . Quote
Nytro Posted July 26, 2013 Author Report Posted July 26, 2013 Information Security News: PayPal opens bug bounty program to minors Quote
djcata112 Posted August 9, 2013 Report Posted August 9, 2013 (edited) Multe site-uri din urmatoarele au mai fost postate si imi cer scuze pentru aceastaGoogle: If you find vulnerability in google , you will get reward as well as your name will be listed in the Google Hall of fame page. Details about Vulnerability Reward Program: Program Rules – Application Security – Google Hall of fame: The "0x0A List" – Application Security – Google - See more at: List of Bug Bounty program for PenTesters and Ethical Hackers - E Hacker NewsSecurity Bug Bounty from facebook:Minimum reward is $500 USD. The reward will be increased for severe or creative bugsOnly 1 bounty per security bug will be awardedhttps://www.facebook.com/whitehat/bountyMozilla Bug Bounty program:The Mozilla Security Bug Bounty Program is designed to encourage security research in Mozilla software and to reward those who help us create the safest Internet clients in existence.The bounty for valid web applications or services related security bugs, the are giving a range starting at $500 (US) for high severity and, in some cases, may pay up to $3000 (US) for extraordinary or critical vulnerabilities. they will also include a Mozilla T-shirt.Mozilla Security Bug Bounty ProgramPaypal Bug Bounty Program For Professional Researchershttps://www.paypal.com/us/webapps/mpp/security/reporting-security-issuesSecunia Vulnerability Coordination Reward Program (SVCRP)SVCRP – a reward program incentive offered by Secunia to researchers who have discovered a vulnerability and would like a third party to confirm their findings and handle the coordination process with the vendor on their behalf: Vulnerability Reward - SVCRP Reporting Scheme - SecuniaEtsy :Will pay a minimum of $500 for qualifying vulnerabilities, subject to a few conditions and with qualification determined by the Etsy Security Team.Announcing the Etsy Security Bug Bounty Program Bugcrowd - https://portal.bugcrowd.com/sign_up/ ASP 4 All - http://www.asp4all.nl/en/over-asp4all/responsible-disclosure AT&T - http://developer.att.com/developer/apiDetailPage.jsp?passedItemId=10700235 - (To submit you need to sign up to the free Developer API program) Avast! - http://www.avast.com/bug-bounty Barracuda - http://barracudalabs.com/?page_id=3456 Coinbase - https://coinbase.com/whitehat Chromium Project - http://www.chromium.org/Home/chromium-security/vulnerability-rewards-program Cryptocat - https://crypto.cat/bughunt/ Facebook - http://www.facebook.com/whitehat/bounty/ Etsy - http://www.etsy.com/help/article/2463 Gallery - http://codex.gallery2.org/Bounties Google - http://www.google.com/about/company/rewardprogram.html Hex-Rays - http://www.hex-rays.com/bugbounty.shtml Kaneva - http://docs.kaneva.com/mediawiki/index.php/Bug_Bounty IntegraXor (SCADA) - http://www.integraxor.com/blog/integraxor-hmi-scada-bug-bounty-program LaunchKey - https://launchkey.com/docs/whitehat ManageWP - https://managewp.com/white-hat-reward Marktplatts - http://statisch.marktplaats.nl/help/responsible_disclosure_policy_en.html Mega.co.nz - http://thenextweb.com/insider/2013/02/01/kim-dotcom-puts-up-13500-bounty-for-first-person-to-break-megas-security-system/ Meraki - http://www.meraki.com/trust/#srp Microsoft - http://www.microsoft.com/security/msrc/report/bountyprograms.aspx Mozilla - http://www.mozilla.org/security/bug-bounty.html Paypal - https://www.paypal.com/us/webapps/mpp/security/reporting-security-issues PikaPay - https://www.pikapay.com/pikapay-security-policy/ Piwik - http://piwik.org/security/ Ripple - https://ripple.com/bug-bounty/ Samsung - https://samsungtvbounty.com/ Simple - https://www.simple.com/policies/website-security/ Tarsnap - https://www.tarsnap.com/bugbounty.html Qmail - http://cr.yp.to/djbdns/guarantee.html Yandex - http://company.yandex.com/security/index.xml Access - https://www.accessnow.org/prizePRODUCT AND SERVICES (HALL OF FAME + SWAG) Atlassian - https://confluence.atlassian.com/display/SUPPORT/How+to+Report+a+Security+Issue Dropbox - https://www.dropbox.com/special_thanks (Reward: T-shirt) Engineyard - https://www.engineyard.com/legal/responsible-disclosure-policy (Reward: T-shirt) Github - https://help.github.com/articles/responsible-disclosure-of-security-vulnerabilities (Reward: T-shirt and stickers) ifixit - http://www.ifixit.com/Info/Responsible_Disclosure (Reward: T-shirt) Paymill - https://www.paymill.com/en-gb/support-3/worth-knowing/security/ (Reward: T-shirt) Schuberg Philis - http://www.schubergphilis.com/newsroom/library/downloads-policies/responsible-disclosure-policy/ Soundcloud - http://help.soundcloud.com/customer/portal/articles/439715-responsible-disclosure (Reward: T-shirt) Yahoo - http://security.yahoo.com (Reward: T-shirt)PRODUCT AND SERVICES (HALL OF FAME ONLY) Acquia - https://www.acquia.com/how-report-security-issue ActiveProspect - http://activeprospect.com/activeprospect-security/ Adobe - http://www.adobe.com/support/security/alertus.html Amazon.com (retail) - please email details to security@amazon.com Android Free Apps - http://www.androidfreeapp.net/security-researcher-acknowledgments/ Apple - http://support.apple.com/kb/HT1318 Blackberry - http://us.blackberry.com/business/topics/security/incident-response-team/collaborations.html Braintree - https://www.braintreepayments.com/developers/disclosure Card - https://www.card.com/responsible-disclosure-policy cPaperless - http://www.cpaperless.com/securitystatement.aspx Chargify - https://chargify.com/security/ eBay - http://pages.ebay.com/securitycenter/ResearchersAcknowledgement.html EVE - http://community.eveonline.com/devblog.asp?a=blog&nbid=2384 Freelancer - http://www.freelancer.com/info/vulnerability-submission.php Future Of Enforcement - http://futureofenforcement.com/?page_id=695 Gitlab - http://blog.gitlab.com/responsible-disclosure-policy/ Gliph - https://gli.ph/s/security.html Harmony - http://get.harmonyapp.com/security/ lastpass - https://lastpass.com/support_security.php Mahara - https://wiki.mahara.org/index.php/Contributors#Security_Researchers MailChimp - http://mailchimp.com/about/security-response/ Microsoft (Online Services) - http://technet.microsoft.com/en-us/security/cc308589 Netflix - http://support.netflix.com/en/node/6657#gsc.tab=0 Nokia - http://www.nokia.com/global/security/acknowledgements/ Nokia Siemens Networks - http://www.nokiasiemensnetworks.com/about-us/responsible-disclosure Norada - http://norada.com/crm-software/security_response Owncloud - http://owncloud.org/about/security/hall-of-fame/ Opera - https://bugs.opera.com/wizarddesktop/ Oracle - http://:oracle.com/technetwork/topics/security/securityfixlifecycle-086982.html Puppet Labs - https://puppetlabs.com/security/acknowledgments/ RedHat - https://access.redhat.com/knowledge/articles/66234 Risk.io - https://www.risk.io/security Sellfy - https://sellfy.com/security/ Spotify - https://www.spotify.com/us/about-us/contact/report-security-issues/ Sprout Social - http://sproutsocial.com/responsible-disclosure-policy 37signals - https://37signals.com/security-response Tuenti - http://corporate.tuenti.com/en/dev/hall-of-fame Twilio - https://www.twilio.com/docs/security/disclosure Twitter - https://twitter.com/about/security WizeHive - http://www.wizehive.com/special_thanks.html Xmarks - https://buy.xmarks.com/security.php Zendesk - http://www.zendesk.com/company/responsible-disclosure-policy Zynga - http://company.zynga.com/security/whitehatsPRODUCTS AND SERVICES (NO REWARD) Amazon Web Services (AWS) - http://aws.amazon.com/security/vulnerability-reporting Apriva - http://www.apriva.com/security Authy - https://www.authy.com/security-issue Blackboard - http://www.blackboard.com/footer/security-policy.aspx Box - https://www.box.com/about-us/security/ Cisco - http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html#roosfassv Cloudnetz - http://cloudnetz.com/Legal/vulnerability-testing-policy.html Contant Contact - http://www.constantcontact.com/about-constant-contact/security/report-vulnerability.jsp Coupa - http://trust.coupa.com/home/security/coupa-vulnerability-reporting-policy Drupal - https://drupal.org/security-team EMC2 - http://www.emc.com/contact-us/contact/product-security-response-center.htm Emptrust - http://www.emptrust.com/Security.aspx Heroku - https://policy.heroku.com/security HTC - http://www.htc.com/us/terms/product-security/ IBM - http://www-03.ibm.com/security/secure-engineering/report.html LinkedIn - http://help.linkedin.com/app/answers/detail/a_id/37022 Lookout - https://www.lookout.com/responsible-disclosure Modus CSR - http://www.moduscsr.com/security_statement.php Panzura - http://panzura.com/support/panzura-security-policy/ Pop Group - http://www.popgroupglobal.com/security.php Reddit - http://code.reddit.com/wiki/help/whitehat Relaso - http://relaso.com/disclosure Salesforce - http://www.salesforce.com/company/privacy/security.jsp#vulnerability Simplify - http://simplify-llc.com/simplify-security.html Skoodat - http://www.skoodat.com/security Scorpion Software - http://www.scorpionsoft.com/company/disclosurepolicy/ Snappy - http://www.besnappy.com/security Square - https://squareup.com/security/levels Symantec - http://www.symantec.com/security/ Team Unify - http://www.teamunify.com/__corp__/security.php Viadeo - http://www.viadeo.com/aide/security/ VSR - http://www.vsecurity.com/company/disclosure Xen - http://www.xen.org/projects/security_vulnerability_process.htmlBROKERS AND SECURITY COMPANIES Beyond Security - http://www.beyondsecurity.com/ssd.html COSINC - http://www.coseinc.com/en/index.php?rt=advisory Exodus Intelligence - https://www.exodusintel.com/eip/ ExploitHub - https://www.exploithub.com/request/index/developmentrequests/ HP Zero-Day Initiative (ZDI) - http://www.zerodayinitiative.com/about/benefits/ iDefense - https://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/vulnerability-intelligence/index.xhtml Insight Partners - https://gvp.isightpartners.com/program_details.gvp?page=3&title=1§ion=0 Netragard - http://pentest.snosoft.com/netragards-eap/ Packet Storm - http://packetstormsecurity.com/bugbounty Secunia - http://secunia.com/community/research/svcrp White Fir Design - https://www.whitefirdesign.com/about/wordpress-security-bug-bounty-program.html Edited August 9, 2013 by djcata112 Quote
B7ackAnge7z Posted August 16, 2013 Report Posted August 16, 2013 QIWI https://static.qiwi.com/en/doc/ethic_hack.pdf Quote
