A while ago we showed you a list from NibbleSecurity with a good compilation of bug bounty programs, that is, programs that reward users for finding security flaws in certain products. This time we present a larger and more up-to-date list from the Bugcrowd community. We all know that a 0-day fetches more money on the black market, but this list is the alternative for staying on the right path, my friends...
PRODUCTS AND SERVICES (REWARD OFFERED)
- Bugcrowd - http://bgcd.co/join-the-bugcrowd
- Facebook - http://www.facebook.com/whitehat/bounty/
- Etsy - http://www.etsy.com/help/article/2463
- Google - http://www.google.com/about/company/rewardprogram.html
- Paypal - https://www.paypal.com/us/webapps/mpp/security/reporting-security-issues
- Mozilla - http://www.mozilla.org/security/bug-bounty.html
- Piwik - http://piwik.org/security/
- Barracuda - http://www.barracudalabs.com/bugbounty/
- Yandex - http://company.yandex.com/security/index.xml
- Gallery - http://codex.gallery2.org/Bounties
- Qmail - http://cr.yp.to/djbdns/guarantee.html
- AT&T - http://developer.att.com/developer/apiDetailPage.jsp?passedItemId=10700235 - (We’ve been told that to submit you need to sign up to the Developer API Program which costs 99 USD…)
- Tarsnap - https://www.tarsnap.com/bugbounty.html
- Samsung - https://samsungtvbounty.com/
- Access - https://www.accessnow.org/prize
- Avast! - http://blog.avast.com/2013/01/25/introducing-avast-bug-bounty/
- Hex-Rays - http://www.hex-rays.com/bugbounty.shtml
- Kaneva - http://docs.kaneva.com/mediawiki/index.php/Bug_Bounty
- Mega.co.nz - http://thenextweb.com/insider/2013/02/01/kim-dotcom-puts-up-13500-bounty-for-first-person-to-break-megas-security-system/
- Cryptocat - https://crypto.cat/bughunt/
- Future Of Enforcement - http://futureofenforcement.com/?page_id=695
- Meraki - http://www.meraki.com/trust/#srp
- HP Zero-Day Initiative (ZDI) - http://www.zerodayinitiative.com/about/benefits/
- Packet Storm - http://packetstormsecurity.com/bugbounty
- COSEINC - http://www.coseinc.com/en/index.php?rt=advisory
- Beyond Security - http://www.beyondsecurity.com/ssd.html
- Exodus Intelligence - https://www.exodusintel.com/eip/
- iDefense - https://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/vulnerability-intelligence/index.xhtml
- White Fir Design - https://www.whitefirdesign.com/about/wordpress-security-bug-bounty-program.html
- Secunia - http://secunia.com/community/research/svcrp
- ExploitHub - https://www.exploithub.com/request/index/developmentrequests/
- Insight Partners - https://gvp.isightpartners.com/program_details.gvp?page=3&title=1&section=0
- Netragard - http://pentest.snosoft.com/netragards-eap/
- Github - https://help.github.com/articles/responsible-disclosure-of-security-vulnerabilities (Reward: T-shirt and stickers)
- Engineyard - https://www.engineyard.com/legal/responsible-disclosure-policy (Reward: T-shirt)
- ifixit - http://www.ifixit.com/Info/Responsible_Disclosure (Reward: T-shirt)
- Dropbox - https://www.dropbox.com/special_thanks (Reward: T-shirt)
- Soundcloud - http://help.soundcloud.com/customer/portal/articles/439715-responsible-disclosure (Reward: T-shirt)
- Amazon - aws.amazon.com/security/vulnerability-reporting (Reward: T-shirt)
- Twitter - https://twitter.com/about/security
- Apple - http://support.apple.com/kb/HT1318
- Microsoft - http://technet.microsoft.com/en-us/security/cc308589
- RedHat - https://access.redhat.com/knowledge/articles/66234
- Tuenti - http://corporate.tuenti.com/en/dev/hall-of-fame
- Twilio - https://www.twilio.com/docs/security/disclosure
- Zynga - http://company.zynga.com/security/whitehats
- Mahara - https://wiki.mahara.org/index.php/Contributors#Security_Researchers
- Acquia - https://www.acquia.com/how-report-security-issue
- lastpass - https://lastpass.com/support_security.php
- Owncloud - http://owncloud.org/about/security/hall-of-fame/
- Nokia Siemens Networks - http://www.nokiasiemensnetworks.com/about-us/responsible-disclosure
- Harmony - http://get.harmonyapp.com/security/
- Nokia - http://www.nokia.com/global/security/acknowledgements/
- eBay - http://pages.ebay.com/securitycenter/ResearchersAcknowledgement.html
- EVE - http://community.eveonline.com/devblog.asp?a=blog&nbid=2384
- EngineYard - https://www.engineyard.com/legal/responsible-disclosure-policy
- Netflix - http://support.netflix.com/en/node/6657#gsc.tab=0
- Blackberry - http://us.blackberry.com/business/topics/security/incident-response-team/collaborations.html
- Risk.io - https://www.risk.io/security
- ActiveProspect - http://activeprospect.com/activeprospect-security/
- Reddit - http://code.reddit.com/wiki/help/whitehat
- Constant Contact - http://www.constantcontact.com/about-constant-contact/security/report-vulnerability.jsp
- 37signals - https://37signals.com/security-response
- Atlassian - https://confluence.atlassian.com/display/SUPPORT/How+to+Report+a+Security+Issue
- Tuenti - http://corporate.tuenti.com/en/dev/hall-of-fame
- Owncloud - http://owncloud.org/security/hall-of-fame/
- Acquia - https://www.acquia.com/how-report-security-issue
- IBM - http://www-03.ibm.com/security/secure-engineering/report.html
- Symantec - http://www.symantec.com/security/
- Salesforce - http://www.salesforce.com/company/privacy/security.jsp#vulnerability
- Cloudnetz - http://cloudnetz.com/Legal/vulnerability-testing-policy.html
- Puppet Labs - puppetlabs.com/blog/responsible-disclosure-of-security-vulnerabilities
- Oracle - oracle.com/technetwork/topics/security/securityfixlifecycle-086982.html
- VSR - http://www.vsecurity.com/company/disclosure
- Lookout - https://www.lookout.com/responsible-disclosure
- HTC - http://www.htc.com/us/terms/product-security/
- Scorpion Software - http://www.scorpionsoft.com/company/disclosurepolicy/