Bug bounty programs provide opportunities for you to find and responsibly disclose vulnerabilities to companies. In return, companies reward you for your contributions to acknowledge your efforts. Over time, you can build up your reputation as a highly qualified and reliable security researcher while earning cash, points, and swag.
Anyone can sign up to be a researcher. To become a researcher, you just need to create an account.
There are two main rewards:
- Points – The Bugcrowd platform awards you these when you submit a valid vulnerability. The more points that you accumulate, the better chance you have of making it onto our Leaderboard and the Hall of Fame for a particular program.
- Monetary – Financial compensation that you receive from a company when you submit a valid vulnerability to their bounty program.
For more information on rewards, see our page on Getting Rewarded.
You can also earn cool gear and Swag with qualifying submissions, through our current programs for Researcher Incentives.
Before you get started, we highly recommend that you read our Code of Conduct and Standard Disclosure Terms to learn what is expected from you. We want to make sure that we're all on the same page before you join the crowd and participate in our programs.
Before you get started, we strongly recommend that you read our Code of Conduct and Standard Disclosure Terms to understand what is expected behaviour, before joining the Crowd and participating in programs.
Each time you participate in a program and submit a valid vulnerability report, you have an opportunity to earn build your stats and reputation on the Bugcrowd platform.
Your stats are a reflection of the quality of your written reports, the impact of your discoveries, your activity level, and the reputation you've built by following all of our terms and conditions:
- Go to https://bugcrowd.com/user/sign_up.
- Fill out the form to create your account.
- Choose whether or not you want to make your profile publicly available. You can always adjust this later if you change your mind.
- Read and agree to the terms and conditions.
The Bugcrowd platform will send an e-mail that contains confirmation instructions for your account.
Follow the instructions outlined in the e-mail to finish creating your account. After you've validated your email, you can log in to Bugcrowd and start reporting vulnerabilities.