
View full version: Reward programs for those who find vulnerabilities



LUK
18-09-2014, 15:20
The company Bugcrowd (https://bugcrowd.com/list-of-bug-bounty-programs) has published a complete list of the bug bounty programs that various companies run to allow users and researchers to report vulnerabilities found in their platforms.

The list has more than 80 companies, and among the best-known companies are:




Amazon Web Services (http://aws.amazon.com/security/vulnerability-reporting)
Android Free Apps (http://www.androidfreeapp.net/security-researcher-acknowledgments/)
Apple (https://ssl.apple.com/au/support/security/)
Avast! (http://www.avast.com/bug-bounty)
Avira (http://www.avira.com/en/support-vulnerability)
Badoo (http://corp.badoo.com/security)
Barracuda (http://barracudalabs.com/?page_id=3456)
Blackberry (https://global.blackberry.com/secure/report-an-issue/en.html)
Blackphone (https://bugcrowd.com/portal/bounties/blackphone?utm_source=the-list&utm_medium=list-link&utm_campaign=blackphone)
Blogger (http://www.google.com/about/appsecurity/reward-program/)
Box (https://www.box.com/about-us/security/)
Cisco (http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html)
CPanel (http://cpanel.net/cpanel-security-bounty-program/)
Cryptocat (https://crypto.cat/bughunt/)
Cupcake (https://cupcake.io/security)
Dell Secureworks (http://www.secureworks.co.uk/contact/disclosure/)
Deutsche Telekom (http://www.telekom.com/corporate-responsibility/security/186450)
Dropbox (https://www.dropbox.com/special_thanks)
Drupal (https://drupal.org/security-team)
eBay (http://pages.ebay.com/securitycenter/Researchers.html)
Eclipse (http://www.eclipse.org/security/)
EMC2 (http://www.emc.com/contact-us/contact/product-security-response-center.htm)
Evernote (http://evernote.com/security/)
Facebook (http://www.facebook.com/whitehat/bounty/)
Foursquare (https://foursquare.com/about/security)
Github (https://bounty.github.com/)
Google (http://www.google.com/about/company/rewardprogram.html)
Honeywell (https://honeywell.com/Pages/vulnerabilityreporting.aspx)
Hootsuite (https://hootsuite.com/security/response)
HTC (http://www.htc.com/us/terms/product-security/)
Huawei (http://www.huawei.com/en/security/psirt/report-vulnerabilities/index.htm)
IBM (http://www-03.ibm.com/security/secure-engineering/report.html)
Instagram (https://www.facebook.com/whitehat/bounty/)
Joomla (http://vel.joomla.org/submit-vel.html)
Juniper (https://www.juniper.net/us/en/security/report-vulnerability/)
LastPass (https://bugcrowd.com/lastpass?utm_source=the-list&utm_medium=list-link&utm_campaign=lastpass)
LinkedIn (http://help.linkedin.com/app/answers/detail/a_id/37022)
Lookout (https://hackerone.com/lookout)
MacOS X Bitcoin LevelDB data corruption issue (https://bitcointalk.org/index.php?PHPSESSID=nklrdn90ip5rq3m3enprac9154&topic=337294.0;all)
Magento (http://magento.com/security)
Mega.co.nz (http://thenextweb.com/insider/2013/02/01/kim-dotcom-puts-up-13500-bounty-for-first-person-to-break-megas-security-system/)
Meldium (https://www.meldium.com/security)
Meraki (http://www.meraki.com/trust/#srp)
Microsoft (http://www.microsoft.com/security/msrc/report/bountyprograms.aspx)
Microsoft (Online Services) (http://technet.microsoft.com/en-us/security/cc308589)
Moodle (https://moodle.org/mod/forum/view.php?f=996&showall=1)
Motorola (http://www.motorolasolutions.com/US-EN/About/Security%20Vulnerability)
Mozilla (http://www.mozilla.org/security/bug-bounty.html)
Netflix (http://support.netflix.com/en/node/6657#gsc.tab=0)
OpenBSD (http://www.openbsd.org/security.html)
Opera (http://my.opera.com/securitygroup/blog/2010/02/18/what-is-a-browser-security-issue-anyway)
Oracle (http://oracle.com/technetwork/topics/security/securityfixlifecycle-086982.html)
Orkut (http://www.google.com/about/appsecurity/reward-program/)
Paypal (https://www.paypal.com/us/webapps/mpp/security/reporting-security-issues)
Pidgin (http://pidgin.im/security/)
Pinterest (https://bugcrowd.com/pinterest/?utm_source=the-list&utm_medium=list-link&utm_campaign=pinterest)
Prezi (http://prezi.com/bugbounty/)
Qmail (http://cr.yp.to/djbdns/guarantee.html)
Qualcomm (https://www.qualcomm.com/connect/contact/security/product-security)
Rackspace (http://www.rackspace.com/information/legal/rsdp)
Reddit (http://code.reddit.com/wiki/help/whitehat)
RedHat (https://access.redhat.com/knowledge/articles/66234)
Salesforce (http://www.salesforce.com/company/privacy/security.jsp#vulnerability)
Sony (https://secure.sony.net/)
Symantec (http://www.symantec.com/security/)
Telegram (https://telegram.org/crypto_contest)
Tuenti (http://corporate.tuenti.com/en/dev/hall-of-fame)
Twitter (https://twitter.com/about/security)
Typo3 (http://typo3.org/teams/security/)
XMind (http://www.xmind.net/bugbounty/)
Yahoo (http://bugbounty.yahoo.com/)
Yandex (http://company.yandex.com/security/index.xml)
YouTube (http://www.google.com/about/appsecurity/reward-program/)
Zencash (https://www.zencash.com/security)
Zendesk (http://www.zendesk.com/company/responsible-disclosure-policy)
Zimbra (http://telligent.com/support/w/security_prgm/41844.zimbra-responsible-disclosure-policy.aspx)
Zynga (http://company.zynga.com/security/whitehats)




Source: BugCrowd (https://bugcrowd.com/list-of-bug-bounty-programs)