Major platforms

Open Bug Bounty

Open Bug Bounty is a community-driven, open, cost-free, and dis-intermediated bug bounty platform. In addition, it offers responsible and coordinated vulnerability disclosure compatible with ISO 29147. A website owner can express a gratitude to a researcher for reporting vulnerability in a way s/he considers the most appropriate and proportional to the researcher’s efforts and help. This can be just a “Thank you”.

Intigrity

Intigrity is located in Europe and connects cybersecurity researchers with companies, and offers a wide variety of bug bounty programs across several industries. For hackers, there’s plenty of bounties to grab. Depending on the company’s size and industry, bug hunts ranging from €1,000 to €20,000 are available.

YesWeHack

YesWeHack is a global bug bounty platform that offers vulnerability disclosure and crowd-sourced security across many countries such as France, Germany, Switzerland, and Singapore. It follows some strict regulations and standards to safeguard the interests of hunters as well as customers.

HackerOne

HackerOne is a vulnerability collaboration and bug bounty hunting platform that connects companies with hackers. It was one of the first start-ups to commercialize and utilize crowd-sourced security and hackers as a part of its business model, and is the biggest cybersecurity firm of its kind.

Bugcrowd

Bugcrowd Inc. is a company that develops a coordination platform that connects companies with researchers to test their applications. It offers testing solutions for web, mobile, source code, and client-side applications.

Synack

Synack is an American technology company based in Redwood City, California that breaks the mold. Synack’s business combines a vulnerability intelligence platform that automates the discovery of exploitable vulnerabilities with bug bounty programs to create vulnerability reports for clients.

Cobalt

Cobalt’s Penetration Testing as a Service (PTaaS) platform converts broken pentest models into a data-driven vulnerability co-ordination engine. It is not so much a platform for bug bounty program, but for crowd pentesting.