Bug bounty programs provide opportunities for you to find and disclose vulnerabilities to companies. In return, companies reward you for your contributions to acknowledge your efforts. Over time, you can build up your reputation as a highly qualified and reliable security researcher while stockpiling cash, kudos, and swag.
Anyone can sign up to be a researcher. To become a researcher, you just need to sign up for an account.
All of our researchers can participate in any public bug bounty program that we run. However, some programs may require that you go through some additional identity checks before you can participate in their programs.
There are two main rewards:
- Kudos points – These are points that Bugcrowd award you when you submit a valid vulnerability. Bugcrowd uses kudos points to measure the quality, impact, and volume of your submissions. Points affect your rank, which reflects the reliability and quality of vulnerabilities that you discover. The more kudos points that you accumulate, the better chance you have of making it onto our Leaderboard and the Hall of Fame for a particular bounty.
- Monetary – This is the financial compensation that you receive from a company when you submit a valid vulnerability to their bug bounty program.
Before you get started, we highly recommend that you read our Code of Conduct and Standard Disclosure Terms to learn what is expected from you. We want to make sure that we're all on the same page before you join the crowd and participate in our programs.
Each time you participate in a program, you have an opportunity to earn kudos points.
Besides kudos points, you're also measured by quality of your reports, the impact of your discoveries, your activity level, and the amount of trust you've established by following all of our terms. For more information on how we measure researcher performance, click here.
- Go to https://bugcrowd.com/user/sign_up.
- Fill out the form to create your account.
- Choose whether or not you want to make your profile publicly available.
- Read and then agree to the terms and conditions.
Bugcrowd will need to send an e-mail that contains confirmation instructions for your account.
Follow the instructions outlined in the e-mail to finish creating your account. After you've validated your email, you can log in to Bugcrowd and start finding bugs.