Many companies challenge hackers – or anyone else who wants to give it a try – to find security bugs in their systems and break in. Not only that, but they reward anyone who can do it successfully. The bigger the bug, the better the reward – commonly known as a bug bounty.

Inviting hackers to find vulnerabilities in your system may sound crazy, but these are typically white-hat hackers, also known as ethical hackers, who specialize in penetration testing for websites and software.

Besides, it’s always better if a bug is discovered by someone who’s working for you than by someone working against you.

How Organizations Benefit from Bug Bounty Programs

With bug bounty programs, companies get more eyes on their system, increasing the likelihood that major vulnerabilities won’t be overlooked.

There is no such thing as a perfect system. No matter how much you test your software, it’s going to have some bugs. It’s best to get that bug detected and fixed so it doesn’t lead to any major loss.

Bug bounty programs actually save money. A data breach can lead to millions of dollars’ worth of damages, not to mention the damage to the company’s reputation. Paying a few thousand dollars through a bounty program is much cheaper than losing valuable data.

How Hackers Benefit from Bug Bounties

Bug bounty programs give them an opportunity to test their skills.

The challenge adds to the fun of hacking. Also, it is white-hat hacking, which means it’s ethical and completely legal.

They get cash rewards that can be quite substantial

When they win a bounty, they gain recognition among their peers

Is it Worth a Try?

In 2016, Apple announced they would offer a bounty of up to $200,000 (!) to hackers who found vulnerabilities in their products – and they are not alone. Facebook, The Pentagon, Tesla, Google, and Microsoft all run similar programs, offering big bucks for big bugs. Facebook has actually paid people over $4.3 million since launching their bounty program in 2011. If you have the skill, it’s likely that someone out there will be glad to pay you for it.

Can you be the next bug bounty hunter?

NordVPN Launches Its Own Bug Bounty Program

On December 9, 2019 NordVPN joined the list of companies with a bug bounty program to help increase its security. It’s offering cash rewards from $100 for minor issues up to $5,000 or more for major problems to ethical hackers.

This program encourages white hat hackers, and anyone else to analyze NordVPN’s services, website, and apps for bugs and report any findings via the HackerOne platform. This will help ensure it provides the best quality product to its users. As long as the penetration testing is ethical, you need not worry about legal recourse.

Ruby Gonzalez, NordVPNs Head of Communications said “At NordVPN we seek to make our infrastructure – and customers’ data – as secure as possible. And community participation is essential for reaching this goal.”

NordVPNs bug bounty program is just one of five measures it’s implementing to increase security. Other measures include higher overall security standards, a partnership with a cybersecurity consulting firm, an infrastructure security audit, and switching to diskless RAM servers.

These additional security measures are all part of NordVPNs promise to bring its security to the next level and will make one of the best VPNs available even better.

The Complete Bug Bounty List

Here’s a list of all the bug bounty programs that are currently active.

(ISC)²

.nz Registry

0x Project

123 Contact Form

18F

1Password Game

23 And Me

ABN Amro

Accenture

Accredible

Acquia

Actility

Active Campaign

Active Prospect

ActiVPN

Adapcare

Adobe

Adyen

Aerohive

Affiliate Coin

Aion

Air Force Mining

Air VPN

Airbnb

Aircloak

Airdropster

AIrMiles Shop

Airswap

Aisi

Alcyon

Algolia

Alibaba

Alien Vault

Aliexpress

Altervista

Amara

Amazon Web Services

Ancient Brain

Android

Android Open Source

Anghami

AntiHack

AOL

Apache

Appcelerator

Apple

Apple (Dev)

Appoptics

Aptible

Aragon

Arch Linux

Ark

ARM mbed

Armis

Artifex

Artsy

Asana

Asterisk

Asus

AT&T

Atlassian

Augur

Auth0

AuthAnvil

Automattic

Avast!

Aventus

Aventus Protocol Foundation

Avesta

Avira

Badoo

Bancor

Barracuda Networks

Base

Basecamp

BASF

Battle.Net

Beamery

Beanstalk

Belastingdienst

Belden

Belgian Rail

Belgium Telenet

Betcoin

Beyond Security

Bime

BiMserver

Binance

Binary.com

Bing

Bit My Money

BitAccess

BitBNS

Bitcoin

Bitcoin.DE

BitDefender

Bitonic

Bitpay

Bittrex

BItwage

BitWarden

Bizmerlin

BL3P

Blackboard

Blackcoin

Blesta

BlinkSale

Blockchain

Blockchain Technology Research Innovations Corporation (BTRIC)

Blogger

Booking.com

Bosch

Boston Scientific

Bounty Guru

BountyFactory

BountySource

Box

Boxug

Braintree

BRD

BTX Trader

Buffer

Bug Crowd

Bynder

C2FO

C2L

Campaign Monitor

Cappasity

Carbon Black

Card

Cargocoin

Carnegie Mellon University Software Engineering Institute

Cayan

Central NIC

Centrify

CERT EU

Chalk

ChargeOver

Chargify

Chase

Chiark

Chill Project

Chrome

ChronoBank

CircleCi

Cisco

Cisco Meraki

CJIB

ClickUp

Clojars

Cloudflare

Coalition Inc

Cobalt

Code Climate

Codex WordPress

Coin Janitor

Coinbase

Coindrawer

Coinhive

CoinJar

Coinpayments

CoinSpectator

CoinStocks

CoinTal

Commons Ware

Compose

Constant Contact

CoreOS

Coupa

CPanel

Craigslist

Credit Karma

Crowdfense

CrowdShield

Crypto Angel

CryptoNinja

Customer Insight

Custos Tech

CyLance

Danske Bank

Dash

Dato Capital

De Nederlandsche Bank

de Volksbank

Debian Security Tracker

Deco Network

Deconf

Defensie

Deliveroo

DeliveryHero

Dell

Deribit

Detectify

Deutsche Telekom

Digital Ocean

Discord App

Discourse

Distilled ODN

Django

DJI

DNN Corporation

DNSimple

Docker

DOD

DoorKeeper

DPD

Drager

Drchrono

DropBox

Drupal

Duo Labs

Duo Lingo

Duo Security

Dyson

eBay

Eclipse

ee.Oulo

eero

Electronic Arts (Games)

Electronic Frontier Foundation (EFF)

Eligible

EMC

Emptrust

Enterprise XOXO Today

Envato

Erasmus

ESEA

ESET

Ethereum bounty

Etherscan

ETHfinex

ETHLend

ETHNews

EthnoHub

ETHorse

Etsy

EVE

Event Espresso

Eventbrite

Evernote

Evident

Expatistan

Express VPN

ExpressIf

Expression Engine

F Secure

Facebook

FanDuel

FastMail

FCA

Firebase

Firebounty

Fireeye

First

FitBit

FlexiSPY

FlexLists

Flow Dock

Fluxiom

Fog Creek

Foursquare

Fox IT

Foxycart

Free Software Foundation

Freedom of Press

Freelancer

FreshBooks

FUGA CLOUD

Gamma

Garanti Bank

Garmin

GateCoin

GateHub

Gemfury

Genesis ICO

Ghost

Ghostscript

Gimp

Github

Gitlab

GlassWire

GLX

Gnome

Gnosis

GoDaddy

GolemProject

Google

Google PRP

Google PRR

Grabtaxi Holdings Pte Ltd

Greenhouse Software Inc

Grok Learning

Guidebook

Hackenproof

Hackerearth

HackerOne

Hackner Security

Harmony

Havest

HelloSign

Help Scout

Heroku

Hex-Rays

HID Global

Hidester

Hirschmann

HIT BTC

Honeycomb

Honeywell

Honour

Hootsuite

Hostinger

HTC

Huawei

Humble Bundle

Hunter

Hybrid Saas

HyperLedger

I SIgn This

IBM

Icon Finder

ICS

ICT Institute

iFixit

IIT-G

IKEA

Imgur

Impact Earth

Indeed

Indorse

Inflectra

InfoPlus Commerce

Infovys

ING

Instacart

Instamojo

Instasafe

Instructure

IntegraXor (SCADA)

Intel

Intercom

Intercom

Internet Bug Bounty

Internetwache

Intigriti

Intrasurance

Invision App

IOTA

IPSWitch

Issuu

IT BIT

Jet.com (API)

JetApps

Jetendo

Jewel Payment Tech

Joomla

jruby

JSE Coin

Jumplead

Juniper

Kaseya

Kaspersky

Keep Key

Keepass

Keeper Chat

Keeper Security

Keming Labs

Kentico

KissFlow

Kraken

Kryptocal

Kuna

Kyber

Kyup

Ladesk

Lahitapiola

LastPass

LaunchKey

League of Legends

LeaseWeb

Ledger

Legal Robot

Lenovo

Leverj

LibSass

LifeOmic

Liferay

Line

LinkedIn

Linksys (Belkin)

LiveAgent

Local Bitcoins

Local Monero

Logentries

LZF

Magento

Magix AG

MailChimp

MailRu

Malwarebytes

Manage WP

Manalyzer

Martplaats

Massachusetts Institute of Technology

MassDrop

Matomo

Mattermost

Maximum

Mbed

McAfee

MediaWiki

Medium

Meraki

Merchant Shares

Meta Calculator

Meteor

Microsoft (bounty programs)

Microsoft (Online Services)

Microweber

Mime Cast

MIT Edu

Mobile Vikings

Mollie

Monetha

Moneybird

Motorola

Mozilla

Muchcoin

My Trove

MyStuff2 App

N26

NCC Group

NCSC

NDIX

Nearby

NEM

Nest

NetApp

NetBeans

netf

Netflix

Netgear

New Relic

NextCloud

Nimiq

Nitro Token

NMBRS

NN Group

Nocks

Nokia Networks

NordVPN

Nugit

Nuxeo

Nvidia

NXP

Oath

Observu

OCCRP

Odoo

Offensive Security

Olark

OneLogin

Onfido

Open Bounty

Open Office

Open Source University

Open SUSE

OpenBSD

OpenSSL

OpenText

OpenVPN

OpenXchange

Opera

Oracle

Orange

Orion Health

Outbrain

Outreach

OVH

OWASP

Owncloud

Packet Storm Security

PagerDuty

Panasonic Avionics

Panic

Panzura

PaperTrail App

Paragon Initiative Enterprises

Parity Tech

PasteCoin

Paychoice

Payiza

Paymill

Paypal

PaySera

Paytm

Peerio

Pentu

Perl

Philips

PHP

Phrendly

Pidgin

Pinoy Hack News

Pinterest

Plesk

Pocket

POLi Payments

Polyswarm

Port of Rotterdam

PostMark App

PowerDNS

Prezi

Private Internet Access

Proof Work

Proto VPN

Puppet Labs

PureVPN

PushWhoosh

QEMU

Qiwi

Qmail

Qualcomm

Quantopian

QuantStamp

Quickx

Quora

Qwilr

Rabo bank

Rackspace

Rainforest

Raise

Rapid7

Razer

RCE Security

Recht Spraak

Red Sift

RedHat

Regionale Belasting Groep

Release Wire

Report Garden

Request Network

Rev Next

Rhino Security Labs

Ribose

RightMesh

Rijskoverheid

Riot Games

Ripple

Rocket-Chat

Roll Bar

Royal Bank of Scotland

Rust

SafeHats

SalesForce

Samsung – Mobiles

SAP

Saveya

Scaleft

Secure Pay

Secureworks

Security Escape

Segment

Sellfy

Sentry

ShareLaTex

Shivom

Shopify

ShowMax

Shuberg Philis

Sifter

Sifter

SIgnify

Silent Circle

Silver Gold Bull

Silver Gold Bull CA

Simpplr

SiteGround

SiteLock

Skoodat

Skuid

Slack

Sli Do

Smartling

Smokescreen

SNS Bank NL

Snyk

Socrata

Solar Accounts

Solve 360

Solve 360

Solvinity

Sonatype

Sony

Sophos

SoundCloud

Sphero

Spilgames

SplitWise

Splunk

Spokeo

Sporty Co

Spotcap

Spotify

Spreaker

Spring Role

Sprout Social

Sqreen

Square

Starbase

Starbucks

Starleaf

StatusPage.io

Stellar

Stellar Gold

StopTheHacker

Studielink

StudiVZ (Report)

Swachh Coin

Swiggy

SwissCom

NortonLifeLock

Synack

Synapse

Synology

Synosys

Takealot

Talent LMS

TarSnap

Taxi Butler

TeeSpring

Telecom Italia

Telegram

Telekom

Telenet Belgium

Tendermint

TenX

Teradici

Tesla

TestBirds

The Atlantic

Thinkful

ThisData

Thuisbezorgd

Tictail

Tinder

Token Valley

Tokia

TorGuard VPN

TransLoadIt

Traveloka

Trend Micro

Trezor

Tron Network

Trustly

TrustPay

Tuenti

Tumblr

Twilio

Twitch Interactive

Twitter

Typo3

Uber

Ubnt

Ubuntu Server

Umbraco

Unchained

Unitag

United Airlines

United Nations

Unity

Unocoin

Uphold

Upscope

Upscope

Upwork

Valve

Van Lanschot

Vanilla

Vasco

Venmo (App)

Verizon

Viadeo

ViewPost

Vimeo

Virtual Box

Visma Enterprise Oy

VK

Vodafone Security DE

VSR

Vu

Vulnerability Laboratory

Walmart

Wamba

Wave Stone

We Transfer

Weave Work

Web GUI

Webconverger

Weblate

Webmini

Websecurify

WeiFund

Werken Bij Defensie

Western Union

WhatRuns

White Hat Securities

Wickr

Winding Tree

Windows

Windthorst ISD

WINGS DAPP

WINK

WordPress

XenProject

Xiaomi

XYO Network

Yahoo

Yahoo

Yandex

Yelp

YouTube

Zapier

Zcoin

Zenmate

Zerobrane

Zerodium

Zeta

Zetetic

Zimbra

Zimperium

Zipline

Zoho

Zomato

Zynga

Think you can break open a bug and claim the bounty? If detecting bugs is your thing, you can easily become a millionaire. Try your luck on any of these bounty programs.