Legal Hacking (Bug Bounty)
Posted: Thu Sep 04, 2014 2:02 pm
So I recently became aware that many major technology companies have active reward systems in place for responsible disclosure of bugs and potential security vulnerabilities. While I'm familiar with the idea, I didn't realize there was a website which conveniently lists active programs and whether or not the company is offering bounties / rewards.
https://bugcrowd.com/list-of-bug-bounty-programs
More notable participants include (not an exhaustive list):
Dropbox
Github
Google
Facebook
Microsoft
Mozilla
Paypal
Tesla
Twitter
YouTube
For example, Google is paying bounties ranging from $500 - $60,000 to anyone who reports a vulnerability in Chromium which they deem serious enough to warrant a reward.
If you're interested in security research as a hobby but aren't interested in the prison time associated with irresponsible targeting, perhaps you should consider targeting one of these companies instead.
https://bugcrowd.com/list-of-bug-bounty-programs
More notable participants include (not an exhaustive list):
Dropbox
Github
Microsoft
Mozilla
Paypal
Tesla
YouTube
For example, Google is paying bounties ranging from $500 - $60,000 to anyone who reports a vulnerability in Chromium which they deem serious enough to warrant a reward.
If you're interested in security research as a hobby but aren't interested in the prison time associated with irresponsible targeting, perhaps you should consider targeting one of these companies instead.