A bug bounty program provides recognition and compensation to security researchers who practice responsible disclosure. Companies run bug bounty programs to improve their security; security researchers find vulnerabilities in top websites and get rewarded.
Reward Program
AT&T – http://developer.att.com/developer/apiDetailPage.jsp?passedItemId=10700235
Avast! – http://www.avast.com/bug-bounty
Barracuda – http://barracudalabs.com/
Coinbase – https://coinbase.com/whitehat
Chromium Project – http://www.chromium.org/
CrowdShield – https://crowdshield.com/
Cryptocat – https://crypto.cat/bughunt/
Facebook – http://www.facebook.com/whitehat/
Etsy – http://www.etsy.com/help/article/2463
Gallery – http://codex.gallery2.org/Bounties
Ghostscript – http://ghostscript.com/Bug_bounty_program.html (Mostly software development, occasional security issues)
Google – http://www.google.com/about/company/rewardprogram.html
Hex-Rays – http://www.hex-rays.com/bugbounty.shtml
IntegraXor (SCADA) – http://www.integraxor.com/blog/integraxor-hmi-scada-bug-bounty-program
LaunchKey – https://launchkey.com/docs/whitehat
Marktplaats – http://statisch.marktplaats.nl/help/
Mega.co.nz – http://thenextweb.com/insider/2013/02/01/kim-dotcom-puts-up-13500-bounty-for-first-person-to-break-megas-security-system/
Meraki – http://www.meraki.com/trust/#srp
Microsoft – http://www.microsoft.com/security/msrc/report
Mozilla – http://www.mozilla.org/security/bug-bounty.html
Paypal – https://www.paypal.com/us/webapps/mpp/security/reporting-security-issues
PikaPay – https://www.pikapay.com/pikapay-security-policy/
Piwik – http://piwik.org/security/
Ricebridge – http://www.ricebridge.com/bugs.htm (Only available to customers)
Ripple – https://ripple.com/bug-bounty/
Samsung – https://samsungtvbounty.com/
Simple – https://www.simple.com/policies/website-security/
Tarsnap – https://www.tarsnap.com/bugbounty.html
Qiwi – https://www.qiwi.ru/page/hack.action
Qmail – http://cr.yp.to/djbdns/guarantee.html
Yandex – http://company.yandex.com/security/index.xml
Zerobrane – http://notebook.kulchenko.com/zerobrane/zerobrane-studio-bug-bounty
Product & Services (Hall Of Fame Only)
Acquia – https://www.acquia.com/how-report-security-issue
ActiveProspect – http://activeprospect.com/activeprospect-security/
Adobe – http://www.adobe.com/support/security/alertus.html
Amazon.com (retail) – please email details to security@amazon.com
Android Free Apps – http://www.androidfreeapp.net/security-researcher-acknowledgments/
Apple – http://support.apple.com/kb/HT1318
Blackberry – http://us.blackberry.com/business/topics/security/incident-response-team/collaborations.html
Braintree – https://www.braintreepayments.com/developers/disclosure
Card – https://www.card.com/responsible-disclosure-policy
cPaperless – http://www.cpaperless.com/securitystatement.aspx
Chargify – https://chargify.com/security/
DiMartino Entertainment – http://moosikay.dimartinoentertainment.com/site/credits/
eBay – http://pages.ebay.com/securitycenter
EVE – http://community.eveonline.com/devblog.asp?a=blog&nbid=2384
Evernote – http://evernote.com/security/
Foursquare – https://foursquare.com/about/security
Freelancer – http://www.freelancer.com/info/vulnerability-submission.php
Future Of Enforcement – http://futureofenforcement.com/?page_id=695
Gitlab – http://blog.gitlab.com/responsible-disclosure-policy/
Gliph – https://gli.ph/s/security.html
HakSecurity – http://haksecurity.com/special-thanks/
Harmony – http://get.harmonyapp.com/security/
Heroku – https://www.heroku.com/policy/security-hall-of-fame
Iconfinder – http://support.iconfinder.com/customer/portal/articles/1217282-responsible-disclosure-of-security-vulnerabilities
Kaneva – http://docs.kaneva.com/mediawiki/index.php/Bug_Bounty
Kayako – https://my.kayako.com/
Lastpass – https://lastpass.com/support_security.php
Mahara – https://wiki.mahara.org/index.php
MailChimp – http://mailchimp.com/about/security-response/
Microsoft (Online Services) – http://technet.microsoft.com/en-us/security/cc308589
Netflix – http://support.netflix.com/en/node/6657#gsc.tab=0
Nokia – http://www.nokia.com/global/security/acknowledgements/
Nokia Siemens Networks – http://www.nokiasiemensnetworks.com/about-us/responsible-disclosure
Norada – http://norada.com/crm-software/security_response
Owncloud – http://owncloud.org/about/security/hall-of-fame/
Opera – https://bugs.opera.com/wizarddesktop/
Oracle – http://:oracle.com/technetwork/topics/security
Puppet Labs – https://puppetlabs.com/security/acknowledgments/
RedHat – https://access.redhat.com/knowledge/articles/66234
Risk.io – https://www.risk.io/security
Security Net – http://www.securitynet.org/security-researcher-acknoledgments/
Sellfy – https://sellfy.com/security/
Spotify – https://www.spotify.com/us/about-us/contact/report-security-issues/
Sprout Social – http://sproutsocial.com/responsible-disclosure-policy
Telekom – http://www.telekom.com/corporate-responsibility/security/186450
Thingomatic – http://thingomatic.org/security.html
37signals – https://37signals.com/security-response
Tuenti – http://corporate.tuenti.com/en/dev/hall-of-fame
Twilio – https://www.twilio.com/docs/security/disclosure
Twitter – https://twitter.com/about/security
WizeHive – http://www.wizehive.com/special_thanks.html
Xmarks – https://buy.xmarks.com/security.php
Zendesk – http://www.zendesk.com/company/responsible-disclosure-policy
Zynga – http://company.zynga.com/security/whitehats
Product & Services (No Reward)
Amazon Web Services (AWS) – http://aws.amazon.com/security/vulnerability-reporting
Apriva – http://www.apriva.com/security
Authy – https://www.authy.com/security-issue
Blackboard – http://www.blackboard.com/footer/security-policy.aspx
Box – https://www.box.com/about-us/security/
Cisco – http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html#roosfassv
Cloudnetz – http://cloudnetz.com/Legal/vulnerability-testing-policy.html
Constant Contact – http://www.constantcontact.com/about-constant-contact/security/report-vulnerability.jsp
Coupa – http://trust.coupa.com/home/security/coupa-vulnerability-reporting-policy
Drupal – https://drupal.org/security-team
EMC2 – http://www.emc.com/contact-us/contact/product-security-response-center.htm
Emptrust – http://www.emptrust.com/Security.aspx
Heroku – https://www.heroku.com/policy/security-hall-of-fame
HTC – http://www.htc.com/us/terms/product-security/
Huawei – http://www.huawei.com/en/security/psirt/report-vulnerabilities/index.htm
IBM – http://www-03.ibm.com/security/secure-engineering/report.html
KPN – http://www.kpn.com/Privacy.htm#tabcontent3
Lievensberg Hospital – http://www.lievensbergziekenhuis.nl/paginas/141-disclaimer.html
LinkedIn – http://help.linkedin.com/app/answers/detail/a_id/37022
Lookout – https://www.lookout.com/responsible-disclosure
Millsap Independent School District – http://www.millsapisd.net/BugReport.cfm
Modus CSR – http://www.moduscsr.com/security_statement.php
PagerDuty – http://www.pagerduty.com/security/disclosure/
Panzura – http://panzura.com/support/panzura-security-policy/
Pidgin – http://pidgin.im/security/
Plone – http://plone.org/products/plone/security/advisories
Pop Group – http://www.popgroupglobal.com/security.php
Reddit – http://code.reddit.com/wiki/help/whitehat
Relaso – http://relaso.com/disclosure
Salesforce – http://www.salesforce.com/company/privacy/security.jsp#vulnerability
Simplify – http://simplify-llc.com/simplify-security.html
Skoodat – http://www.skoodat.com/security
Scorpion Software – http://www.scorpionsoft.com/company/disclosurepolicy/
Square – https://squareup.com/security/levels
Symantec – http://www.symantec.com/security/
Team Unify – http://www.teamunify.com/__corp__/security.php
Tele2 – http://www.tele2.nl/klantenservice/veiligheid/tele2-en-veiligheid.html
T-Mobile (Netherlands) – http://www.t-mobile.nl/Global/media/pdf/privacy_statement_juni_2012.pdf
UPC – http://www.upc.nl/internet/veilig_internet/beveiligingsproblemen/
Viadeo – http://www.viadeo.com/aide/security/
Vodafone (Netherlands) – http://over.vodafone.nl/vodafone-nederland/privacy-veiligheid/beveiliging-en-bescherming/wat-doet-vodafone/meld-een-beveilig
VSR – http://www.vsecurity.com/company/disclosure
X.commerce – http://www.x.com/security
Xen – http://www.xen.org/projects/security_vulnerability_process.html
Ziggo – https://www.ziggo.nl/#klantenservice/internet/risicos-op-internet/meldpunt-beveiligingslekken