The crowdsec project has now launched in beta. Only a few features are open today for the launch phase. Features will be unlocked quickly as the project's development progresses.
Best-known bug bounty programs (with rewards)
- Facebook – http://www.facebook.com/whitehat/bounty/
- Etsy – http://www.etsy.com/help/article/2463
- Google – http://www.google.com/about/company/rewardprogram.html
- Paypal – https://www.paypal.com/us/webapps/mpp/security/reporting-security-issues
- Mozilla – http://www.mozilla.org/security/bug-bounty.html
- Piwik – http://piwik.org/security/
- Barracuda – http://www.barracudalabs.com/bugbounty/
- Yandex – http://company.yandex.com/security/index.xml
- Gallery – http://codex.gallery2.org/Bounties
- Qmail – http://cr.yp.to/djbdns/guarantee.html
- AT&T – http://developer.att.com/developer/apiDetailPage.jsp?passedItemId=10700235 – (We’ve been told that to submit you need to sign up to the Developer API Program which costs 99 USD…)
- Tarsnap – https://www.tarsnap.com/bugbounty.html
- Samsung – https://samsungtvbounty.com/
- Access – https://www.accessnow.org/prize
- Avast! – http://blog.avast.com/2013/01/25/introducing-avast-bug-bounty/
- Hex-Rays – http://www.hex-rays.com/bugbounty.shtml
- Kaneva – http://docs.kaneva.com/mediawiki/index.php/Bug_Bounty
- Mega.co.nz – http://thenextweb.com/insider/2013/02/01/kim-dotcom-puts-up-13500-bounty-for-first-person-to-break-megas-security-system/
- Cryptocat – https://crypto.cat/bughunt/
- Meraki – http://www.meraki.com/trust/#srp
- Groupon – http://www.groupon.com/api (See bottom of right hand sidebar)
Security companies (with rewards)
- HP Zero-Day Initiative (ZDI) – http://www.zerodayinitiative.com/about/benefits/
- Packet Storm – http://packetstormsecurity.com/bugbounty
- COSEINC – http://www.coseinc.com/en/index.php?rt=advisory
- Beyond Security – http://www.beyondsecurity.com/ssd.html
- Exodus Intelligence – https://www.exodusintel.com/eip/
- iDefense – https://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/vulnerability-intelligence/index.xhtml
- White Fir Design – https://www.whitefirdesign.com/about/wordpress-security-bug-bounty-program.html
- Secunia – http://secunia.com/community/research/svcrp
- ExploitHub – https://www.exploithub.com/request/index/developmentrequests/
- Insight Partners – https://gvp.isightpartners.com/program_details.gvp?page=3&title=1&section=0
- Netragard – http://pentest.snosoft.com/netragards-eap/
Hall of fame (with a small reward)
- Github – https://help.github.com/articles/responsible-disclosure-of-security-vulnerabilities (Reward: T-shirt and stickers)
- Engineyard – https://www.engineyard.com/legal/responsible-disclosure-policy (Reward: T-shirt)
- ifixit – http://www.ifixit.com/Info/Responsible_Disclosure (Reward: T-shirt)
- Dropbox – https://www.dropbox.com/special_thanks (Reward: T-shirt)
- Soundcloud – http://help.soundcloud.com/customer/portal/articles/439715-responsible-disclosure (Reward: T-shirt)
- Amazon – http://aws.amazon.com/security/vulnerability-reporting (Reward: T-shirt)
- Yahoo – http://security.yahoo.com (Reward: T-shirt)
Hall of fame
- Twitter – https://twitter.com/about/security
- Apple – http://support.apple.com/kb/HT1318
- Microsoft – http://technet.microsoft.com/en-us/security/cc308589
- RedHat – https://access.redhat.com/knowledge/articles/66234
- Tuenti – http://corporate.tuenti.com/en/dev/hall-of-fame
- Twilio – https://www.twilio.com/docs/security/disclosure
- Zynga – http://company.zynga.com/security/whitehats
- Mahara – https://wiki.mahara.org/index.php/Contributors#Security_Researchers
- Acquia – https://www.acquia.com/how-report-security-issue
- lastpass – https://lastpass.com/support_security.php
- Owncloud – http://owncloud.org/about/security/hall-of-fame/
- Nokia Siemens Networks – http://www.nokiasiemensnetworks.com/about-us/responsible-disclosure
- Harmony – http://get.harmonyapp.com/security/
- Nokia – http://www.nokia.com/global/security/acknowledgements/
- eBay – http://pages.ebay.com/securitycenter/ResearchersAcknowledgement.html
- EVE – http://community.eveonline.com/devblog.asp?a=blog&nbid=2384
- EngineYard – https://www.engineyard.com/legal/responsible-disclosure-policy
- Netflix – http://support.netflix.com/en/node/6657#gsc.tab=0
- Blackberry – http://us.blackberry.com/business/topics/security/incident-response-team/collaborations.html
- Risk.io – https://www.risk.io/security
- ActiveProspect – http://activeprospect.com/activeprospect-security/
- Future Of Enforcement – http://futureofenforcement.com/?page_id=695
- Zendesk – http://www.zendesk.com/company/responsible-disclosure-policy
- WizeHive – http://www.wizehive.com/special_thanks.html
- Xmarks – https://buy.xmarks.com/security.php
- Gitlab – http://blog.gitlab.com/responsible-disclosure-policy/
- Opera – https://bugs.opera.com/wizarddesktop/
Hall of fame (no reward)
- Adobe – http://www.adobe.com/support/security/alertus.html
- Reddit – http://code.reddit.com/wiki/help/whitehat
- Constant Contact – http://www.constantcontact.com/about-constant-contact/security/report-vulnerability.jsp
- 37signals – https://37signals.com/security-response
- Atlassian – https://confluence.atlassian.com/display/SUPPORT/How+to+Report+a+Security+Issue
- Tuenti – http://corporate.tuenti.com/en/dev/hall-of-fame
- Owncloud – http://owncloud.org/security/hall-of-fame/
- Acquia – https://www.acquia.com/how-report-security-issue
- IBM – http://www-03.ibm.com/security/secure-engineering/report.html
- Symantec – http://www.symantec.com/security/
- Salesforce – http://www.salesforce.com/company/privacy/security.jsp#vulnerability
- Cloudnetz – http://cloudnetz.com/Legal/vulnerability-testing-policy.html
- Puppet Labs – http://puppetlabs.com/blog/responsible-disclosure-of-security-vulnerabilities
- Oracle – http://:oracle.com/technetwork/topics/security/securityfixlifecycle-086982.html
- VSR – http://www.vsecurity.com/company/disclosure
- Lookout – https://www.lookout.com/responsible-disclosure
- HTC – http://www.htc.com/us/terms/product-security/
- Scorpion Software – http://www.scorpionsoft.com/company/disclosurepolicy/
- Chargify – https://chargify.com/security/
Source: Bugcrowd