Last update: 2019-01-07
Link: https://hackerone.com/
Country: US
Registration: public
Researchers: ?
Programs: 1200+
Visibility: public, private
Public disclosure: yes
Reputation: based on reports status and rewards
Additional metrics: signal, impact, badges
Payout methods: Paypal, Coinbase, bank transfer
Link: https://www.bugcrowd.com/
Country: US
Registration: public
Researchers: ?
Programs: ?
Visibility: public, private
Public disclosure: no
Reputation (kudos): based on reports criticity
Additional metrics: accuracy
Payout methods: Paypal, Payoneer
Link: https://www.yeswehack.com/en/
Country: France
Registration: public
Researchers: ~750
Programs: ?
Visibility: public, private
Public disclosure: no
Reputation: based on reports status, rewards and reports quality
Additional metrics: no
Payout methods: bank transfer
Link: https://www.yogosha.com/
Country: France
Registration: test required
Researchers: ~150
Programs: ?
Visibility: public, private
Public disclosure: no
Reputation: ?
Additional metrics: reports quality
Payout methods: bank transfer
Link: https://hackenproof.com/
Country: Estonia
Registration: public
Researchers: ~1000
Programs: ?
Visibility: public, private, vetted
Public disclosure: yes
Reputation: reports status and reports severity
Additional metrics: -
Payout methods: HKN (Hacken crypto currency)
Link: https://cobalt.io/
Country: US
Registration: invitation required
Researchers: ?
Programs: ?
Visibility: invite only
Public disclosure: no
Reputation: none
Additional metrics: no
Payout methods: Paypal, Bitcoin
Link: https://www.synack.com/red-team/
Country: US
Registration: tutorial, video interview, technical assessments, background check, ID verification
Researchers: ~3000
Programs: ?
Visibility: private
Public disclosure: no
Reputation: reports quality, rewards, target hardening
Additional metrics: ?
Payout methods: Paypal
Link: https://www.intigriti.com/
Country: Belgium
Registration: public
Researchers: ?
Programs: ?
Visibility: public, confidential, private, vetted
Public disclosure: no
Reputation: based on reports criticity
Additional metrics: quality score
Payout methods: bank transfer
Link: https://www.zerocopter.com/
Country: Netherlands
Registration: disabled
Researchers: ?
Programs: ?
Visibility: private, vetted
Public disclosure: no
Reputation: no
Additional metrics: no
Payout methods: Paypal, Bitcoin, bank transfer
Extra info:
Rewards fixed by the platform (https://www.zerocopter.com/en/vulnerability-price-list)
Link: https://cs.detectify.com/
Country: Sweden
Registration: invite only
Researchers: 150+
Programs: N/A
Visibility: private
Public disclosure: no
Reputation: vulnerability severity and popularity
Additional metrics: ?
Payout methods: payment handled through Bugcrowd
Extra infos:
Vulnerabilities are submitted to Detectify continuously, implemented into Detectify scanners and researchers are rewarded as their vulnerabilities are found in Detectify customer's scans, a unique model which separates Detectify Crowdsource from other platforms. Detectify does not work with programs in that sense, but instead focus Detectify researchers' attention towards technology types used by a range of companies.
Link: https://www.antihack.me/
Country: Singapore
Registration: public
Researchers: ?
Programs: ?
Visibility: public, private
Public disclosure: no
Reputation: based reports status and rewards
Additional metrics: hit rate, impact
Payout methods: Paypal
Link: https://bugbounty.jp/
Country: Japan
Registration: public
Researchers: ~1500
Programs: ?
Visibility: public, private
Public disclosure: no
Reputation: based on reports status and rewards
Additional metrics: -
Payout methods: Paypal, bank transfer (Japan)
Link: https://www.cesppa.com/
Country: US
Registration: public
Researchers: ?
Programs: ?
Visibility: public, private, exclusive
Public disclosure: no
Reputation: work in progress
Additional metrics: no
Payout methods: Paypal, cryptocurrency (BTC, LTC, ETH)
Extra infos:
Triage team can be reached on Bug Bounty World slack at #cesppa
Link: https://safehats.com/
Country: India
Registration: public
Researchers: ?
Programs: ?
Visibility: private
Public disclosure: ?
Reputation (karma score): reports status and rewards
Additional metrics: relevancy score, bounty score
Payout methods: Paypal, Bitcoin
Link: https://www.federacy.com/
Country: US
Registration: public
Researchers: ~20
Programs: ~20
Visibility: public, private
Public disclosure: no
Reputation: work in progress
Additional metrics: no
Payout methods: Paypal, Venmo, Bitcoin, Ethereum, Stripe on the way
Extra infos:
Currently in a closed beta. If you signed up without an invitation code, there is a hard limit set on your account allowing only 3 reports to be submitted per week.
Link: https://hacktrophy.com/en/
Country: Slovak Republic
Registration: public
Researchers: 600+
Programs: ?
Visibility: public, private
Public disclosure: yes
Reputation: no
Additional metrics: no
Payout methods: Paypal, Bitcoin, bank transfer
Extra infos:
Programs set reward limit by month/year.
Link: https://hackr.fi/en/
Country: Finland
Registration: public
Researchers: ?
Programs: ?
Visibility: ?
Public disclosure: ?
Reputation: ?
Additional metrics: ?
Payout methods: Paypal, bank transfer (Finland)
Link: https://www.openbugbounty.org/
Country: ?
Registration: public
Researchers: 7500+
Programs: N/A
Visibility: N/A
Public disclosure: yes
Reputation: ?
Additional metrics: recommendations, badges
Payout methods: up to the company
Extra infos:
Open Bug Bounty is a non-profit Bug Bounty platform. The responsible disclosure platform allows independent security researchers to report XSS and similar security vulnerabilities on any website they discover.
Link: https://bountygraph.com/ (closed)
Country: US
Registration: public
Researchers: ?
Programs: ?
Visibility: ?
Public disclosure: ?
Reputation: ?
Additional metrics: ?
Payout methods: Paypal, Stripe
Link: https://bugsbounty.io/
Country: India
Registration: currently running internally
Researchers: ?
Programs: ?
Visibility: ?
Public disclosure: ?
Reputation: ?
Additional metrics: ?
Payout methods: ?
Link: https://crowdshield.com/
Country: CA
Registration: public
Researchers: ?
Programs: ~20
Visibility: public, private
Public disclosure: yes
Reputation: reports criticity
Additional metrics: ?
Payout methods: ?
Link: https://www.cyberarmy.id/
Country: Indonesia
Registration: public
Researchers: ~20
Programs: ~10
Visibility: ?
Public disclosure: no
Reputation: ?
Additional metrics: ?
Payout methods: ?
Link: https://www.bugbountyzone.com/
Country: France
Registration: good luck
Researchers: ?
Programs: ?
Visibility: ?
Public disclosure: ?
Reputation: ?
Additional metrics: ?
Payout methods: ?
Link: https://secuna.io/
Country: Philippines
Registration: Background check, ID verification, Video interview
Researchers: 100+
Programs: 5+
Visibility: Public, Private
Public disclosure: Yes
Reputation: Based on report status
Additional metrics: ?
Payout methods: PayPal and Bitcoin
0 day platforms:
Link: https://zerodium.com/
Country: US
Registration: no need
Researchers: N/A
Programs: N/A
Visibility: N/A
Public disclosure: no
Reputation: N/A
Additional metrics: N/A
Payout methods: wire transfer, Bitcoin
Link: https://www.zerodayinitiative.com/
Country: US
Registration: public
Researchers: N/A
Programs: N/A
Visibility: N/A
Public disclosure: no
Reputation: ?
Additional metrics: ?
Payout methods: wire transfer
Link: https://www.crowdfense.com/
Country: UAE
Registration: no need
Researchers: N/A
Programs: N/A
Visibility: N/A
Public disclosure: no
Reputation: N/A
Additional metrics: N/A
Payout methods: ?