
/// Blog Archive

07 May / 2013
Author: 6ix IT


The crowdsec project has now launched in beta. Only a few features are open today for the launch phase. The remaining features will be unlocked quickly as development of the project advances.

 

Best-known bug bounty programs (with rewards)

  • Facebook – http://www.facebook.com/whitehat/bounty/
  • Etsy – http://www.etsy.com/help/article/2463
  • Google – http://www.google.com/about/company/rewardprogram.html
  • Paypal – https://www.paypal.com/us/webapps/mpp/security/reporting-security-issues
  • Mozilla – http://www.mozilla.org/security/bug-bounty.html
  • Piwik – http://piwik.org/security/
  • Barracuda – http://www.barracudalabs.com/bugbounty/
  • Yandex – http://company.yandex.com/security/index.xml
  • Gallery – http://codex.gallery2.org/Bounties
  • Qmail – http://cr.yp.to/djbdns/guarantee.html
  • AT&T – http://developer.att.com/developer/apiDetailPage.jsp?passedItemId=10700235 – (We’ve been told that to submit you need to sign up to the Developer API Program which costs 99 USD…)
  • Tarsnap – https://www.tarsnap.com/bugbounty.html
  • Samsung – https://samsungtvbounty.com/
  • Access – https://www.accessnow.org/prize
  • Avast! – http://blog.avast.com/2013/01/25/introducing-avast-bug-bounty/
  • Hex-Rays – http://www.hex-rays.com/bugbounty.shtml
  • Kaneva – http://docs.kaneva.com/mediawiki/index.php/Bug_Bounty
  • Mega.co.nz – http://thenextweb.com/insider/2013/02/01/kim-dotcom-puts-up-13500-bounty-for-first-person-to-break-megas-security-system/
  • Cryptocat – https://crypto.cat/bughunt/
  • Meraki – http://www.meraki.com/trust/#srp
  • Groupon – http://www.groupon.com/api (See bottom of right hand sidebar)

 

Security companies (with a reward on offer)

 

  1. HP Zero-Day Initiative (ZDI) – http://www.zerodayinitiative.com/about/benefits/
  2. Packet Storm – http://packetstormsecurity.com/bugbounty
  3. COSEINC – http://www.coseinc.com/en/index.php?rt=advisory
  4. Beyond Security – http://www.beyondsecurity.com/ssd.html
  5. Exodus Intelligence – https://www.exodusintel.com/eip/
  6. iDefense – https://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/vulnerability-intelligence/index.xhtml
  7. White Fir Design – https://www.whitefirdesign.com/about/wordpress-security-bug-bounty-program.html
  8. Secunia – http://secunia.com/community/research/svcrp
  9. ExploitHub – https://www.exploithub.com/request/index/developmentrequests/
  10. iSIGHT Partners – https://gvp.isightpartners.com/program_details.gvp?page=3&title=1&section=0
  11. Netragard – http://pentest.snosoft.com/netragards-eap/

Hall of fame (with a small reward)

 

  1. Github – https://help.github.com/articles/responsible-disclosure-of-security-vulnerabilities (Reward: T-shirt and stickers)
  2. Engineyard – https://www.engineyard.com/legal/responsible-disclosure-policy (Reward: T-shirt)
  3. ifixit – http://www.ifixit.com/Info/Responsible_Disclosure (Reward: T-shirt)
  4. Dropbox – https://www.dropbox.com/special_thanks (Reward: T-shirt)
  5. Soundcloud – http://help.soundcloud.com/customer/portal/articles/439715-responsible-disclosure (Reward: T-shirt)
  6. Amazon – http://aws.amazon.com/security/vulnerability-reporting (Reward: T-shirt)
  7. Yahoo – http://security.yahoo.com (Reward: T-shirt)

Hall of fame

 

  • Twitter – https://twitter.com/about/security
  • Apple – http://support.apple.com/kb/HT1318
  • Microsoft – http://technet.microsoft.com/en-us/security/cc308589
  • RedHat – https://access.redhat.com/knowledge/articles/66234
  • Tuenti – http://corporate.tuenti.com/en/dev/hall-of-fame
  • Twilio – https://www.twilio.com/docs/security/disclosure
  • Zynga – http://company.zynga.com/security/whitehats
  • Mahara – https://wiki.mahara.org/index.php/Contributors#Security_Researchers
  • Acquia – https://www.acquia.com/how-report-security-issue
  • lastpass – https://lastpass.com/support_security.php
  • Owncloud – http://owncloud.org/about/security/hall-of-fame/
  • Nokia Siemens Networks – http://www.nokiasiemensnetworks.com/about-us/responsible-disclosure
  • Harmony – http://get.harmonyapp.com/security/
  • Nokia – http://www.nokia.com/global/security/acknowledgements/
  • eBay – http://pages.ebay.com/securitycenter/ResearchersAcknowledgement.html
  • EVE – http://community.eveonline.com/devblog.asp?a=blog&nbid=2384
  • EngineYard – https://www.engineyard.com/legal/responsible-disclosure-policy
  • Netflix – http://support.netflix.com/en/node/6657#gsc.tab=0
  • Blackberry – http://us.blackberry.com/business/topics/security/incident-response-team/collaborations.html
  • Risk.io – https://www.risk.io/security
  • ActiveProspect – http://activeprospect.com/activeprospect-security/
  • Future Of Enforcement – http://futureofenforcement.com/?page_id=695
  • Zendesk – http://www.zendesk.com/company/responsible-disclosure-policy
  • WizeHive – http://www.wizehive.com/special_thanks.html
  • Xmarks – https://buy.xmarks.com/security.php
  • Gitlab – http://blog.gitlab.com/responsible-disclosure-policy/
  • Opera – https://bugs.opera.com/wizarddesktop/

Hall of fame (with no reward)

 

  • Adobe – http://www.adobe.com/support/security/alertus.html
  • Reddit – http://code.reddit.com/wiki/help/whitehat
  • Constant Contact – http://www.constantcontact.com/about-constant-contact/security/report-vulnerability.jsp
  • 37signals – https://37signals.com/security-response
  • Atlassian – https://confluence.atlassian.com/display/SUPPORT/How+to+Report+a+Security+Issue
  • Tuenti – http://corporate.tuenti.com/en/dev/hall-of-fame
  • Owncloud – http://owncloud.org/security/hall-of-fame/
  • Acquia – https://www.acquia.com/how-report-security-issue
  • IBM – http://www-03.ibm.com/security/secure-engineering/report.html
  • Symantec – http://www.symantec.com/security/
  • Salesforce – http://www.salesforce.com/company/privacy/security.jsp#vulnerability
  • Cloudnetz – http://cloudnetz.com/Legal/vulnerability-testing-policy.html
  • Puppet Labs – http://puppetlabs.com/blog/responsible-disclosure-of-security-vulnerabilities
  • Oracle – http://oracle.com/technetwork/topics/security/securityfixlifecycle-086982.html
  • VSR – http://www.vsecurity.com/company/disclosure
  • Lookout – https://www.lookout.com/responsible-disclosure
  • HTC – http://www.htc.com/us/terms/product-security/
  • Scorpion Software – http://www.scorpionsoft.com/company/disclosurepolicy/
  • Chargify – https://chargify.com/security/

 

Source: Bugcrowd

28 Dec / 2012
Author: 6ix IT


Here you will find a regularly updated list of bug bounty programs.

Feel free to contact us to be listed. If you want to set up your own bug bounty service, visit Crowdsec to outsource the security of your applications.

 

 

For research into "software" vulnerabilities, the 0days, the following programs also exist:

 



Copyright 2012-2013 © 6ix IT