🔍
100 shown
Quick orientation

This page is built for scanning fast, not fighting a wall of cards.

Use search and filters to narrow the list, then compare payout ceiling, focus area, geography, and whether a platform is public or invite-only. If you're choosing where to spend time, start with fit first, then payout.

  • Tier S: biggest upside, hardest competition, strongest brands.
  • Tier A: serious programs with real money and a better balance of access and value.
  • Tier B/C: regional, niche, or emerging platforms that can still be very worth it.
S

Tier S — Elite Earning Potential

$100,000+ bounties possible. Home to the world's largest programs and DeFi protocol audits worth millions.

8 platforms
#1
HackerOne
🇺🇸USA Bug Bounty
💰💰💰💰💰

The world's largest bug bounty platform with 2,000+ programs and $300M+ paid to hackers. Home to Google, Microsoft, and Department of Defense programs with six-figure bounties.

#2
Bugcrowd
🇺🇸USA Bug Bounty
💰💰💰💰💰

Second-largest crowdsourced security platform with programs from Tesla, Mastercard, OpenAI, and hundreds of Fortune 500 companies. Strong enterprise and government presence.

#3
Immunefi
🌐Global Smart Contract
💰💰💰💰💰

The #1 blockchain/DeFi bug bounty platform with $100M+ paid out. Programs from Ethereum Foundation, Polygon, and Chainlink offer up to $10M per bug. Critical vulns are worth fortunes here.

#4
Code4rena
🌐Global Smart Contract
💰💰💰💰💰

Competitive smart contract audit platform where top auditors earn $50K–$500K per contest. Battle-tested by Uniswap, ENS, and Compound. The premier arena for DeFi security researchers.

#5
Intigriti
🇧🇪Belgium / EU Bug Bounty
💰💰💰💰💰

Europe's leading bug bounty platform with 900+ researchers and programs from Proximus, ING, and EU institutions. Top GDPR-compliant choice for European enterprises with six-figure programs.

#6
Sherlock
🌐Global Smart Contract
💰💰💰💰💰

DeFi-native security platform combining competitive audits with on-chain coverage protocols. Auditors can earn $20K–$200K per contest auditing cutting-edge DeFi protocols.

#7
Synack
🇺🇸USA PTaaS
💰💰💰💰💰

Elite invite-only platform serving the US Department of Defense, DARPA, and Fortune 100 companies. Vetted researchers earn among the highest rates in the industry through classified programs.

#8
Spearbit
🌐Global Smart Contract
💰💰💰💰💰

A distributed security firm of top-tier smart contract auditors. Audits major protocols like OpenSea, Yearn, and Lido. Top auditors earn $150K+ on flagship engagements.

A

Tier A — High Earning Potential

$10,000–$100,000 typical top bounties. Includes major corporate VRPs, regional powerhouses, and specialized audit platforms.

22 platforms
#9
Google VRP
🇺🇸USA VRP
💰💰💰💰💰

Google's Vulnerability Reward Program covers Chrome, Android, and all Google products. Top payouts reach $150K+ for critical Android and Chrome bugs. Paid $12M+ in 2023 alone.

#10
Microsoft MSRC
🇺🇸USA VRP
💰💰💰💰💰

Microsoft Security Response Center with bounties up to $250K for Azure, M365, and Windows. The Hyper-V bounty is one of the largest single-bug rewards in the industry.

#11
Apple Security Bounty
🇺🇸USA VRP
💰💰💰💰💰

Apple's private bug bounty program offers up to $1M for zero-click full chain exploits on iOS. iCloud, macOS, and Secure Enclave vulnerabilities command some of the highest bounties in the industry.

#12
YesWeHack
🇫🇷France / EU Bug Bounty
💰💰💰💰

Europe's second-largest platform with 45,000+ ethical hackers and clients including BNP Paribas, Airbus, and the French government. Strong compliance with EU data sovereignty requirements.

#13
Cobalt
🇺🇸USA PTaaS
💰💰💰💰

Pentest-as-a-Service leader with 450+ vetted pentesters (Cobalt Core). Used by Zuora, Mimecast, and Palo Alto Networks. Structured pentests deliver consistent, high-quality findings with remediation guidance.

#14
Zero Day Initiative (ZDI)
🇺🇸USA VRP
💰💰💰💰

Trend Micro's vulnerability acquisition program — the world's largest independent vendor-agnostic VRP. Buys vulnerabilities in enterprise software and coordinates responsible disclosure. Pwn2Own sponsor.

#15
CertiK Bug Bounty
🇺🇸USA Smart Contract
💰💰💰💰

Leading Web3 security platform combining formal verification, audits, and bug bounties. Has audited $300B+ in assets. Skynet monitors live on-chain activity for real-time threat detection.

#16
Cantina
🇺🇸USA Smart Contract
💰💰💰💰

Curated smart contract security platform with competitive audits and managed reviews. Founded by former Paradigm and Spearbit researchers. Attracts elite DeFi auditors with top-tier payouts.

#17
CodeHawks
🇺🇸USA Smart Contract
💰💰💰💰

Cyfrin's competitive audit platform with First Flights (learning) and full competitive contests. Strong community of upcoming auditors. Notable contests paying $50K+ for leading protocols.

#18
Hats Finance
🌐Global Smart Contract
💰💰💰💰

Decentralized bug bounty protocol where projects stake tokens in vaults. Researchers earn from on-chain vault payouts, creating trustless, autonomous bounty distribution without middlemen.

#19
HackenProof
🇪🇪Estonia Bug Bounty
💰💰💰💰

Leading crypto-focused bug bounty platform from Hacken. Hosts programs for Binance, Crypto.com, and NEAR Protocol. Specializes in Web3 and crypto-native organizations with competitive bounty pools.

#20
GitHub Security Bug Bounty
🇺🇸USA VRP
💰💰💰💰

GitHub's vulnerability reward program covering GitHub.com, GitHub Enterprise, and GitHub Actions. Critical findings on the platform used by 100M+ developers earn substantial bounties up to $30K+.

#21
Samsung VRP
🇰🇷South Korea VRP
💰💰💰💰

Samsung's Mobile Security Rewards Program offers up to $1M for arbitrary code execution on Galaxy devices in secure boot environments. One of the richest mobile-focused VRPs outside Apple.

#22
Detectify Crowdsource
🇸🇪Sweden ASM / Crowdsource
💰💰💰💰

Unique attack surface management platform with crowdsourced security modules. Elite researchers submit modules that power Detectify's continuous scanning for thousands of enterprise clients. Ongoing passive income model.

#23
Shopify Bug Bounty
🇨🇦Canada VRP
💰💰💰💰

One of the most respected corporate bug bounty programs on HackerOne. Shopify has paid $1M+ to researchers and is known for quick triage, fair bounties, and a researcher-first culture.

#24
Tesla Bug Bounty
🇺🇸USA VRP
💰💰💰💰

Tesla's vehicle and infrastructure bug bounty on Bugcrowd covers the Tesla network, vehicle software, and Autopilot systems. Automotive OEM bugs are rare and well-compensated — full vehicle exploits earn $15K+.

#25
Yogosha
🇫🇷France Bug Bounty
💰💰💰💰

French elite crowdsourced security platform with invite-only researcher community. Serves major French banks, telecoms, and government agencies. Strong NIS2/DORA compliance capabilities.

#26
Huntr
🇬🇧UK Bug Bounty
💰💰💰💰

World's first AI/ML bug bounty platform, acquired by Protect AI. Specializes in vulnerabilities in open-source ML libraries (Hugging Face, TensorFlow, PyTorch). Critical in the booming AI security space.

#27
GitLab Bug Bounty
🇺🇸USA / Global VRP
💰💰💰💰

GitLab's public HackerOne program is fully open-source friendly and includes the GitLab.com SaaS and self-managed product. Known for quick response times and comprehensive scope including CI/CD pipelines.

#28
AuditOne
🇪🇺Europe Smart Contract
💰💰💰💰

European smart contract security platform combining automated analysis with competitive community audits. Transparent leaderboard system rewards top auditors. Growing DeFi and NFT client base.

#29
Buglab
🇸🇬Singapore / APAC Bug Bounty
💰💰💰💰

Blockchain-powered bug bounty platform headquartered in Singapore. Uses NGL token incentive structures. Strong presence in APAC fintech and crypto organizations with time-limited competitive contests.

#30
Atlassian Bug Bounty
🇦🇺Australia VRP
💰💰💰💰

Atlassian's Bugcrowd program covers Jira, Confluence, Bitbucket, and Trello used by millions of enterprises. Critical vulnerabilities in its cloud products that affect data isolation earn high bounties.

B

Tier B — Solid Earning Potential

$1,000–$10,000 typical top bounties. Regional platforms, specialized sectors, and emerging market leaders.

40 platforms
#31
Bug Bounty Switzerland
🇨🇭Switzerland Bug Bounty
💰💰💰

Switzerland's leading bug bounty platform serving Swiss banking, fintech, and government sectors. Strong compliance with Swiss data protection laws. Growing community of DACH-region security researchers.

#32
GObugfree
🇨🇭Switzerland Bug Bounty
💰💰💰

Swiss-based platform focused on DACH market enterprises and government organizations. Offers structured bug bounty programs with compliance-oriented reporting for regulated industries like finance and healthcare.

#33
Compass Security
🇨🇭Switzerland Bug Bounty
💰💰💰

Swiss security consultancy running targeted bug bounty programs. Specializes in critical infrastructure and financial sector security assessments. Combined consulting and crowdsourced model for Swiss enterprises.

#34
Hackrate
🇭🇺Hungary / CEE Bug Bounty
💰💰💰

Central European bug bounty platform serving Hungarian and CEE organizations. Growing researcher community with leaderboard incentives. Unique regional positioning for Eastern European enterprise clients.

#35
HACKTIFY
🇪🇺Central & Eastern EU Bug Bounty
💰💰💰

Central and Eastern European bug bounty platform with GDPR-compliant infrastructure. Serves regional governments, banks, and telcos. Strong community with transparent leaderboard and program catalog.

#36
Cyscope
🇨🇭Switzerland / LatAm Bug Bounty
💰💰💰

Swiss-founded platform bridging European and Latin American security markets. Unique bilingual (EN/ES) approach for DACH and LatAm organizations. Regulatory compliance focus for fintech and e-commerce sectors.

#37
BugBounter
🌐US / Estonia / Turkey Bug Bounty
💰💰💰

Multi-region platform bridging US, European, and Turkish markets. Offers both bug bounty and VDP program types with transparent researcher rankings. Cost-effective for SMEs entering crowdsourced security.

#38
Federacy
🇺🇸USA Bug Bounty
💰💰💰

US-based platform offering budget-friendly managed bug bounty programs for startups and SMEs. Combines program management with researcher triage. Good entry point for companies new to crowdsourced security.

#39
Bugbase
🇮🇳India Bug Bounty
💰💰💰

India's leading bug bounty platform serving homegrown startups and enterprises. AI-powered triage and vulnerability management. Strong community of Indian security researchers with growing global program list.

#40
Crowdswarm
🇦🇪United Arab Emirates Bug Bounty
💰💰💰

Middle East's leading bug bounty platform based in Dubai. Serves regional government entities, telecom companies, and fintech organizations. Growing community bridging MENA-region security talent with enterprise clients.

#41
CyberTalents
🌍Middle East / Africa Bug Bounty
💰💰💰

Combined CTF and bug bounty platform focused on MENA and Africa. Includes certification pathways, training, and live bug bounty programs. Major pipeline for regional security talent into enterprise programs.

#42
Patchstack
🇪🇪Estonia Bug Bounty
💰💰💰

World's largest WordPress vulnerability database and bug bounty platform. Coordinates responsible disclosure for 60,000+ WordPress plugins and themes. Critical source for WP security intelligence.

#43
Wordfence Bug Bounty
🇺🇸USA Bug Bounty
💰💰💰

Wordfence's WordPress-focused bug bounty paying for plugin and theme vulnerabilities. With 100M+ WordPress sites globally, the attack surface is enormous. High-severity findings earn $10K+ with coordinated disclosure bonuses.

#44
Cyber Army Indonesia
🇮🇩Indonesia Bug Bounty
💰💰💰

Indonesia's top bug bounty platform with a large community of local security researchers. Serves Indonesian government portals, banks, and tech unicorns. Strong CTF integration and researcher training programs.

#45
Dvuln
🇦🇺Australia Bug Bounty
💰💰💰

Australian boutique bug bounty platform for Asia-Pacific organizations. Vetted researcher community with Australian data sovereignty compliance. Serves financial services, healthcare, and government sectors in APAC.

#46
Bugbop
🇦🇺Australia Bug Bounty
💰💰💰

Australian-born bug bounty SaaS platform serving APAC enterprises. Self-service program setup with streamlined triage workflows. Good option for Australian companies wanting local data residency with global researcher access.

#47
Com Olho
🇮🇳India Bug Bounty
💰💰💰

India-based bug bounty and security intelligence platform with compliance-focused reporting. Researcher community scoring and verified disclosure certificates. Growing presence in South Asian enterprise market.

#48
Inspectiv
🇺🇸USA Bug Bounty
💰💰💰

US-based managed bug bounty platform combining human pentesting with crowdsourced researchers. Offers comprehensive vulnerability management with integrations to Jira and ServiceNow for enterprise workflows.

#49
BugRap
🌐Global Bug Bounty
💰💰💰

Global bug bounty platform with full public program directory and researcher leaderboard. Focus on transparency and open program listings. Appeals to independent researchers seeking public programs without invite requirements.

#50
Vulnerability Lab
🇩🇪Germany Bug Bounty
💰💰💰

German vulnerability research platform and coordination body with 15+ years of history. Large archive of public disclosures and an active researcher community. Widely used for German enterprise VDP programs.

#51
Zerocopter
🇳🇱Netherlands Bug Bounty
💰💰💰

Dutch managed bug bounty platform with compliance-first approach. Serves Dutch government ministries, banks (ING, ABN AMRO), and tech companies. Strong focus on responsible disclosure and GDPR-compliant processes.

#52
Secuna
🇵🇭Philippines / ASEAN Bug Bounty
💰💰💰

Southeast Asia's leading bug bounty platform headquartered in the Philippines. Serves regional fintech, e-commerce, and government organizations. Growing ASEAN researcher community with localized support.

#53
WhiteHub
🇻🇳Vietnam Bug Bounty
💰💰💰

Vietnam's premier bug bounty platform by CyStack. Hosts programs from leading Vietnamese banks, telecoms, and tech companies. Strong researcher community across Southeast Asia with transparent public programs.

#54
Secure3
🇺🇸USA Smart Contract
💰💰💰

Smart contract audit platform combining AI-powered analysis with competitive audit contests. Serves Solana and EVM projects with a growing auditor community. Accessible entry point for new blockchain security auditors.

#55
IssueHunt
🇯🇵Japan Bug Bounty
💰💰💰

Japanese open-source bug bounty and feature request platform. Funds both vulnerability fixes and feature development in open-source projects. Unique crowd-funded bounty model where community members pool rewards for issues.

#56
Open Bug Bounty
🌐Global VDP / Free
💰💰💰

Free and open non-commercial VDP platform with 30K+ programs and 2M+ reports submitted. Hosts the largest number of VDP programs globally. CVE assignment, ISO 29147-compliant workflows at no cost to organizations.

#57
Findbug
🇽🇰Kosovo / Western Balkans Bug Bounty
💰💰💰

Balkans-based bug bounty platform tapping into the region's growing security talent pool. Serves regional enterprises and provides pathways for Western Balkan researchers into global security programs.

#58
Nordic Defender
🇸🇪Sweden / Nordics Bug Bounty
💰💰💰

Nordic-region managed bug bounty and VDP platform. Serves Scandinavian banks, telcos, and government agencies requiring GDPR-compliant, locally managed security programs. Fully DAST-integrated workflows.

#59
HuntBug
🇺🇸USA Bug Bounty
💰💰💰

US-based competitive bug bounty platform with leaderboard gamification and researcher reputation scoring. Focuses on transparent program management and fair, consistent reward structures for both researchers and organizations.

#60
Swarmnetics
🇸🇬Singapore Bug Bounty
💰💰💰

Singapore-based elite bug bounty platform with a highly vetted private researcher community. Serves Singapore government agencies, MAS-regulated financial institutions, and ASEAN tech companies.

#61
RedStorm
🇮🇩Indonesia Bug Bounty
💰💰💰

Indonesian bug bounty platform with a community-first approach. Bridges Indonesia's large security researcher community with domestic and regional enterprise clients. Active program listings with transparent scope definitions.

#62
Remedy (r.xyz)
🌐Global Bug Bounty
💰💰💰

Next-generation bug bounty platform with streamlined UX and modern program management tools. Public hunt portal with growing list of programs. Fresh approach to researcher experience with fast, transparent triage processes.

#63
Secur0
🌍Europe / LatAm Bug Bounty
💰💰💰

Multi-regional platform covering Europe and Latin America with bilingual program support. Transparent researcher leaderboards and public program catalog. Growing cross-market presence for organizations targeting both regions.

#64
Safehats
🇮🇳India Bug Bounty
💰💰💰

Indian bug bounty platform with enterprise-grade program management. Serves domestic companies seeking vetted Indian security researchers. Compliance-oriented reporting for RBI-regulated and SEBI-regulated organizations.

#65
Ravro
🇮🇷Iran Bug Bounty
💰💰💰

Iran's leading bug bounty platform connecting domestic security researchers with Persian-speaking enterprises. Localised program management with Farsi-language support. Unique gateway to Iran's large security talent pool.

#66
Vulnscope
🇨🇱Chile / LatAm Bug Bounty
💰💰💰

Latin American bug bounty platform headquartered in Chile. Serves South American banks, fintechs, and government portals. Spanish-language platform bridging LatAm security talent with the region's growing digital economy.

#67
Safevuln
🇻🇳Vietnam Bug Bounty
💰💰💰

Vietnamese vulnerability disclosure and bug bounty platform with public leaderboard. Serves Vietnamese enterprises seeking domestic researchers familiar with local regulatory environments and business contexts.

#68
PatchDay
🇰🇷South Korea Bug Bounty
💰💰💰

Korean bug bounty and VDP platform serving South Korean enterprises, gaming companies, and e-commerce platforms. Localized Korean-language experience bridging domestic security researchers with major Korean brands.

#69
ødin (0din.ai)
🇺🇸USA Bug Bounty / AI
💰💰💰

Mozilla's AI/LLM-focused bug bounty platform. Targets vulnerabilities in large language models, AI systems, and generative AI infrastructure. At the frontier of a rapidly growing security discipline for AI systems.

#70
Hashlock
🇦🇺Australia Smart Contract
💰💰💰

Australian blockchain security firm offering smart contract audits and bug bounty programs. Serves APAC Web3 projects seeking local timezone support and regulatory compliance for DeFi and NFT platforms.

C

Tier C — Emerging & VDP Platforms

$100–$1,000 or reputation-based rewards. Government VDPs, regional platforms, and nascent ecosystems building the global security community.

30 platforms
#71
CISA VDP Platform
🇺🇸USA Gov VDP
💰💰

US CISA's coordinated vulnerability disclosure platform for civilian federal agencies. Non-monetary but carries significant credibility. Covers .gov domains and critical US infrastructure.

#72
UK NCSC VDP
🇬🇧United Kingdom Gov VDP
💰💰

UK National Cyber Security Centre's VDP for government systems. Non-monetary recognition. Key program for researchers targeting .gov.uk infrastructure and UK critical national infrastructure.

#73
Australian Gov VDP
🇦🇺Australia Gov VDP
💰💰

Australian Government's coordinated VDP for federal agency systems. Part of Australia's cyber resilience strategy. Non-monetary recognition for responsible disclosure to government assets.

#74
Singapore GovTech VDP
🇸🇬Singapore Gov VDP
💰💰

Singapore GovTech's VDP covering all government digital services. One of Asia's most mature government VDP programs with structured response and public researcher acknowledgements.

#75
Swiss NCSC Bug Bounty
🇨🇭Switzerland Gov VDP
💰💰

Switzerland's National Cyber Security Centre vulnerability reporting program for federal systems. Part of Switzerland's proactive national cybersecurity approach with structured responsible disclosure processes.

#76
DIVD
🇳🇱Netherlands VDP / Non-profit
💰

Dutch Institute for Vulnerability Disclosure — a volunteer collective scanning the internet for vulnerabilities. Coordinates responsible disclosure globally. No monetary rewards but huge public impact and community recognition.

#77
BI.ZONE Bug Bounty
🇷🇺Russia Bug Bounty
💰💰

Russia's leading corporate bug bounty platform by BI.ZONE (Sberbank subsidiary). Serves major Russian enterprises and state corporations. Access to Russian-speaking security researchers and domestic program infrastructure.

#78
Standoff 365 Bug Bounty
🇷🇺Russia Bug Bounty
💰💰

Positive Technologies' platform linked to the famous Standoff cyberrange events. Merges CTF competition culture with live bug bounty programs. Strong Russian cybersecurity community engagement.

#79
BugBounty.ru
🇷🇺Russia Bug Bounty
💰💰

Russian-language bug bounty platform serving domestic enterprises and government-adjacent organizations. One of the earliest dedicated platforms for the Russian-speaking security community with public and private programs.

#80
Butian (补天)
🇨🇳China Bug Bounty
💰💰

360 Security's major bug bounty platform ("Patch the Sky") — one of China's largest vulnerability disclosure platforms. Serves hundreds of Chinese enterprises. Top domestic security talent hub with massive researcher community.

#81
Vulbox
🇨🇳China Bug Bounty
💰💰

Chinese bug bounty and vulnerability intelligence platform by Pwnzen. Competitive seasonal leaderboards and large public program catalog. Integrates with threat intelligence for Chinese enterprise clients.

#82
bugbounty.jp
🇯🇵Japan Bug Bounty
💰💰

Japan's dedicated bug bounty platform serving domestic enterprises in Japanese. Bridges Japan's security researchers with domestic companies less accessible through global platforms. Localised Japanese-language workflows.

#83
bugbounty.sa
🇸🇦Saudi Arabia Bug Bounty
💰💰

Saudi Arabia's national bug bounty platform aligned with Vision 2030 digital transformation goals. Serves Saudi government entities, banks, and telcos. Growing community of GCC-region security researchers.

#84
BugBounty.am
🇦🇲Armenia Bug Bounty
💰💰

Armenia's bug bounty platform serving domestic tech companies and startups. Taps into Armenia's thriving tech ecosystem and talented security research community. Emerging platform in the South Caucasus region.

#85
Bug Hunt
🇧🇷Brazil Bug Bounty
💰💰

Brazil's leading bug bounty platform with programs from major banks (Banco do Brasil, Itaú), fintechs, and enterprises. Largest Latin American security researcher community. Portuguese-language with public leaderboard.

#86
Gerobug
🇮🇩Indonesia Self-Hosted VDP
💰

Open-source self-hosted VDP platform from Gero Security (Indonesia). Organizations can run their own bug bounty/VDP infrastructure without third-party dependency. Free to use, fork, and customize for any organization.

#87
Bug Bounty Box
🇰🇪Kenya / Africa Bug Bounty
💰💰

Africa's emerging bug bounty platform based in Kenya. Serves African fintech, telecoms, and mobile money platforms. Tapping into the continent's growing security talent and bringing African organizations into crowdsourced security.

#88
Bugv
🇳🇵Nepal Bug Bounty
💰💰

Nepal's first dedicated bug bounty platform for domestic tech companies and startups. Active Nepali security community with public leaderboard. Pathway for South Asian researchers into regional enterprise programs.

#89
Capture The Bug
🇳🇿New Zealand Bug Bounty
💰💰

New Zealand's bug bounty platform for Kiwi businesses and government entities. Provides data sovereignty and local researcher engagement for NZ organizations preferring domestic security testing programs.

#90
Teklabspace
🇳🇬Nigeria / West Africa Bug Bounty
💰💰

Nigerian cybersecurity platform combining bug bounty programs with security training. Serves West African enterprises and fintechs. Developing Nigeria's security research community through training, CTFs, and live programs.

#91
SlowMist
🇨🇳China / Global Blockchain Security
💰💰

China's leading blockchain security firm with its own bug bounty coordination program. Specializes in exchange hacks, DeFi exploits, and Web3 security. Major incident responder for Asian crypto ecosystem breaches.

#92
Pentabug
🇮🇳India Bug Bounty
💰💰

Indian bug bounty platform for SMEs and startups entering crowdsourced security. Cost-effective program management with pre-screened Indian security researchers. Good entry point for Indian tech companies launching first programs.

#93
thebugbounty
🇲🇾Malaysia Bug Bounty
💰💰

Malaysian bug bounty platform connecting domestic researchers with local enterprises. Serves Malaysian banks, government agencies, and telcos. Localized support for Bahasa Malaysia-speaking clients and researchers.

#94
LRQA Nettitude
🇬🇧United Kingdom Bug Bounty
💰💰

LRQA Nettitude's managed bug bounty platform for UK and European enterprises. CREST-accredited methodology with compliance-oriented deliverables. Combines traditional consulting with crowdsourced testing for regulated industries.

#95
Bugsbounty.io
🇬🇧England / UK Bug Bounty
💰💰

UK-based bug bounty platform for British enterprises seeking local data residency and compliance. Private program management with vetted researcher onboarding. Growing presence in UK fintech and media sectors.

#96
Topcoder Security
🇺🇸USA Dev + Bug Bounty
💰💰

Crowdsourcing platform with security challenge tracks alongside coding and design. Bug bounty is a subset of Topcoder's broader 1.8M+ member crowd-talent platform. Useful for organizations wanting integrated dev+security testing.

#97
Testbirds
🇩🇪Germany QA + Bug Bounty
💰💰

German crowd testing platform with 700K+ testers worldwide combining QA, usability, and security testing. Security tracks available for European enterprises wanting functional and security testing in one engagement.

#98
Uber Bug Bounty
🇺🇸USA VRP
💰💰

Uber's HackerOne program covering Uber.com, Uber Eats, and driver/rider apps. Post-breach improvements made it a model for corporate responsibility. Scope covers mobile apps, APIs, and rideshare platform infrastructure.

#99
Vulnscope
🇨🇱Chile / LatAm Bug Bounty
💰💰

Latin American bug bounty platform from Chile. Serves South American banks, fintechs, and government portals. Spanish-language platform bridging LatAm security talent with the region's growing digital economy.

#100
NCSC-NL VDP
🇳🇱Netherlands Gov VDP
💰

Netherlands NCSC's coordinated vulnerability disclosure — a model that helped establish European CVD best practices. Non-monetary but globally influential for responsible disclosure policy. Covers Dutch government systems.

🔍 No platforms match your search. Try different keywords or clear the filters.

🛡️ Is your website secure?

Discover vulnerabilities before attackers do.

Scan your website for free →

Related Articles

10 Best Vulnerability Scanners in 2026 -- Comparison and Review NIS2, DORA, GDPR & AI Act -- Security Regulations News Bug Bounty Automation: How AI Is Changing Vulnerability Discovery in 2026 Vulnerability Management: The Complete Guide