Major platforms

Open Bug Bounty

Open Bug Bounty is a community-driven, open, cost-free, and disintermediated bug bounty platform. In addition, it offers responsible and coordinated vulnerability disclosure compatible with ISO 29147. A website owner can express gratitude to a researcher for reporting a vulnerability in whatever way s/he considers most appropriate and proportional to the researcher’s efforts and help. This can be just a “Thank you”.


Intigriti is located in Europe, connects cybersecurity researchers with companies, and offers a wide variety of bug bounty programs across several industries. For hackers, there are plenty of bounties to grab. Depending on the company’s size and industry, bug hunts ranging from €1,000 to €20,000 are available.


YesWeHack is a global bug bounty platform that offers vulnerability disclosure and crowd-sourced security across many countries such as France, Germany, Switzerland, and Singapore. It follows some strict regulations and standards to safeguard the interests of hunters as well as customers.


HackerOne is a vulnerability collaboration and bug bounty hunting platform that connects companies with hackers. It was one of the first start-ups to commercialize and utilize crowd-sourced security and hackers as a part of its business model, and is the biggest cybersecurity firm of its kind.


Bugcrowd Inc. is a company that develops a coordination platform that connects companies with researchers to test their applications. It offers testing solutions for web, mobile, source code, and client-side applications.


Synack is an American technology company based in Redwood City, California that breaks the mold. Synack’s business combines a vulnerability intelligence platform that automates the discovery of exploitable vulnerabilities with bug bounty programs to create vulnerability reports for clients.


Cobalt’s Penetration Testing as a Service (PTaaS) platform converts broken pentest models into a data-driven vulnerability coordination engine. It is not so much a platform for bug bounty programs as one for crowd pentesting.