Here’s a list of currently active bug bounty programs
- Bugcrowd – http://bgcd.co/join-the-bugcrowd
- Facebook - http://www.facebook.com/whitehat/bounty/
- Etsy – http://www.etsy.com/help/article/2463
- Google – http://www.google.com/about/company/rewardprogram.html
- Paypal – https://www.paypal.com/us/webapps/mpp/security/reporting-security-issues
- Mozilla – http://www.mozilla.org/security/bug-bounty.html
- Piwik – http://piwik.org/security/
- Barracuda – http://www.barracudalabs.com/bugbounty/
- Yandex – http://company.yandex.com/security/index.xml
- Gallery - http://codex.gallery2.org/Bounties
- Qmail - http://cr.yp.to/djbdns/guarantee.html
- AT&T - http://developer.att.com/developer/apiDetailPage.jsp?passedItemId=10700235 - (We’ve been told that to submit you need to sign up to the Developer API Program which costs 99 USD…)
- Tarsnap - https://www.tarsnap.com/bugbounty.html
- Samsung - https://samsungtvbounty.com/
- Access - https://www.accessnow.org/prize
- Avast! – http://blog.avast.com/2013/01/25/introducing-avast-bug-bounty/
- Hex-Rays - http://www.hex-rays.com/bugbounty.shtml
- Kaneva - http://docs.kaneva.com/
mediawiki/index.php/Bug_Bounty - Mega.co.nz - http://thenextweb.com/insider/2013/02/01/kim-dotcom-puts-up-13500-bounty-for-first-person-to-break-megas-security-system/
- Cryptocat - https://crypto.cat/bughunt/