Suivez nous sur Twitter

/// Blog Archive

07 mai / 2013
Author: 6ix IT Tags: , , Comments: 0
Bookmark and Share

Mise à jour mai 2013: Liste des bug bounty program

Le projet crowdsec est désormais lancé en version beta. Seules quelques fonctionnalités sont aujourd’hui ouvertes pour la phase de lancement. Celles-ci seront rapidement débloquées au fur et à mesure de l’avancée de développement du projet.

 

Bug bounty programmes les plus connus (avec récompenses)

  • Facebook – http://www.facebook.com/whitehat/bounty/
  • Etsy – http://www.etsy.com/help/article/2463
  • Google – http://www.google.com/about/company/rewardprogram.html
  • Paypal – https://www.paypal.com/us/webapps/mpp/security/reporting-security-issues
  • Mozilla – http://www.mozilla.org/security/bug-bounty.html
  • Piwik – http://piwik.org/security/
  • Barracuda – http://www.barracudalabs.com/bugbounty/
  • Yandex – http://company.yandex.com/security/index.xml
  • Gallery – http://codex.gallery2.org/Bounties
  • Qmail – http://cr.yp.to/djbdns/guarantee.html
  • AT&T – http://developer.att.com/developer/apiDetailPage.jsp?passedItemId=10700235 – (We’ve been told that to submit you need to sign up to the Developer API Program which costs 99 USD…)
  • Tarsnap – https://www.tarsnap.com/bugbounty.html
  • Samsung – https://samsungtvbounty.com/
  • Access – https://www.accessnow.org/prize
  • Avast! – http://blog.avast.com/2013/01/25/introducing-avast-bug-bounty/
  • Hex-Rays – http://www.hex-rays.com/bugbounty.shtml
  • Kaneva – http://docs.kaneva.com/mediawiki/index.php/Bug_Bounty
  • Mega.co.nz – http://thenextweb.com/insider/2013/02/01/kim-dotcom-puts-up-13500-bounty-for-first-person-to-break-megas-security-system/
  • Cryptocat – https://crypto.cat/bughunt/
  • Meraki – http://www.meraki.com/trust/#srp
  • Groupon – http://www.groupon.com/api (See bottom of right hand sidebar)

 

Entreprise de Sécurité (récompense à la clé)

 

  1. HP Zero-Day Initiative (ZDI) – http://www.zerodayinitiative.com/about/benefits/
  2. Packet Storm – http://packetstormsecurity.com/bugbounty
  3. COSINC – http://www.coseinc.com/en/index.php?rt=advisory
  4. Beyond Security – http://www.beyondsecurity.com/ssd.html
  5. Exodus Intelligence – https://www.exodusintel.com/eip/
  6. iDefense – https://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/vulnerability-intelligence/index.xhtml
  7. White Fir Design – https://www.whitefirdesign.com/about/wordpress-security-bug-bounty-program.html
  8. Secunia – http://secunia.com/community/research/svcrp
  9. ExploitHub – https://www.exploithub.com/request/index/developmentrequests/
  10. Insight Partners – https://gvp.isightpartners.com/program_details.gvp?page=3&title=1&section=0
  11. Netragard – http://pentest.snosoft.com/netragards-eap/

Hall of fame (avec une petite récompense)

 

  1. Github – https://help.github.com/articles/responsible-disclosure-of-security-vulnerabilities (Reward: T-shirt and stickers)
  2. Engineyard – https://www.engineyard.com/legal/responsible-disclosure-policy (Reward: T-shirt)
  3. ifixit – http://www.ifixit.com/Info/Responsible_Disclosure (Reward: T-shirt)
  4. Dropbox – https://www.dropbox.com/special_thanks (Reward: T-shirt)
  5. Soundcloud – http://help.soundcloud.com/customer/portal/articles/439715-responsible-disclosure (Reward: T-shirt)
  6. Amazon – http://aws.amazon.com/security/vulnerability-reporting (Reward: T-shirt)
  7. Yahoo – http://security.yahoo.com (Reward: T-shirt)

Hall of fame

 

  • Twitter – https://twitter.com/about/security
  • Apple – http://support.apple.com/kb/HT1318
  • Microsoft – http://technet.microsoft.com/en-us/security/cc308589
  • RedHat – https://access.redhat.com/knowledge/articles/66234
  • Tuenti – http://corporate.tuenti.com/en/dev/hall-of-fame
  • Twilio – https://www.twilio.com/docs/security/disclosure
  • Zynga – http://company.zynga.com/security/whitehats
  • Mahara – https://wiki.mahara.org/index.php/Contributors#Security_Researchers
  • Acquia – https://www.acquia.com/how-report-security-issue
  • lastpass – https://lastpass.com/support_security.php
  • Owncloud – http://owncloud.org/about/security/hall-of-fame/
  • Nokia Siemens Networks – http://www.nokiasiemensnetworks.com/about-us/responsible-disclosure
  • Harmony – http://get.harmonyapp.com/security/
  • Nokia – http://www.nokia.com/global/security/acknowledgements/
  • eBay – http://pages.ebay.com/securitycenter/ResearchersAcknowledgement.html
  • EVE – http://community.eveonline.com/devblog.asp?a=blog&nbid=2384
  • EngineYard – https://www.engineyard.com/legal/responsible-disclosure-policy
  • Netflix – http://support.netflix.com/en/node/6657#gsc.tab=0
  • Blackberry – http://us.blackberry.com/business/topics/security/incident-response-team/collaborations.html
  • Risk.io – https://www.risk.io/security
  • ActiveProspect – http://activeprospect.com/activeprospect-security/
  • Future Of Enforcement – http://futureofenforcement.com/?page_id=695
  • Zendesk – http://www.zendesk.com/company/responsible-disclosure-policy
  • WizeHive – http://www.wizehive.com/special_thanks.html
  • Xmarks – https://buy.xmarks.com/security.php
  • Gitlab – http://blog.gitlab.com/responsible-disclosure-policy/
  • Opera – https://bugs.opera.com/wizarddesktop/

Hall of fame (sans aucune récompense)

 

  • Adobe – http://www.adobe.com/support/security/alertus.html
  • Reddit – http://code.reddit.com/wiki/help/whitehat
  • Contant Contact – http://www.constantcontact.com/about-constant-contact/security/report-vulnerability.jsp
  • 37signals – https://37signals.com/security-response
  • Atlassian – https://confluence.atlassian.com/display/SUPPORT/How+to+Report+a+Security+Issue
  • Tuenti – http://corporate.tuenti.com/en/dev/hall-of-fame
  • Owncloud – http://owncloud.org/security/hall-of-fame/
  • Acquia – https://www.acquia.com/how-report-security-issue
  • IBM – http://www-03.ibm.com/security/secure-engineering/report.html
  • Symantec – http://www.symantec.com/security/
  • Salesforce -http://www.salesforce.com/company/privacy/security.jsp#vulnerability
  • Cloudnetz – http://cloudnetz.com/Legal/vulnerability-testing-policy.html
  • Puppet Labs – http://puppetlabs.com/blog/responsible-disclosure-of-security-vulnerabilities
  • Oracle – http://:oracle.com/technetwork/topics/security/securityfixlifecycle-086982.html
  • VSR – http://www.vsecurity.com/company/disclosure
  • Lookout – https://www.lookout.com/responsible-disclosure
  • HTC – http://www.htc.com/us/terms/product-security/
  • Scorpion Software – http://www.scorpionsoft.com/company/disclosurepolicy/
  • Chargify – https://chargify.com/security/

 

Source: Bugcrowd

/// Articles récents

/// Commentaires récents

/// Archives

/// Catégories

/// Méta

/// Twitter Feed

Find out what's happening, right now, with the people and organizations you care about.

Copyright 2012-2013 © 6ix IT