Submit a Program

Know a company that runs its own bug bounty or responsible disclosure program? Fill in what you know - we'll handle the rest.

Use the form below to add an independent bug bounty or responsible disclosure program to the directory. Only the company name and program URL are required, but more detail helps researchers know what they're walking into.

Essentials required The basics. Only company and program URL are required.

Company *

Display name of the company that runs the program.

Program URL *

Canonical program or security page URL.

Contact

Email or URL for reaching the security team.

Description

Up to 500 characters.

Program details

Rewards

Tick everything the program offers.

*bounty *recognition *swag

Program type

Status

Safe harbor

Allows disclosure

Scope Where researchers can and can't test.

Domains

In-scope domains, one per line.

Structured scope

Targets with asset type. Pick a type for each row.

Out of scope

Excluded targets or categories, one per line.

Requires account

Does testing need an account on the target?

Payouts Numbers only. Leave any blank if the program doesn't publish them.

Minimum payout

Maximum payout

Currency

ISO currency code.

Payout - critical

Payout - high

Payout - medium

Payout - low

Swag details

Disclosure & policy

Testing policy URL

Response SLA days

Disclosure timeline days

Legal terms URL

Hall of fame URL

Reporting URL

Submission endpoint, if different from program URL.

Other

PGP key URL

Preferred languages

Standards

One standard per line.

I confirm the information is accurate and only includes publicly documented program details.

Submit your program

Pick the option that works best for you. All three end up in the same place: a pull request adding your program to independent-programs.yml.

Preview YAML output

Add this entry into independent-programs.yml in alphabetical order by company name, then open a pull request.

- {}

Preview issue body

This is the raw text that gets posted to the GitHub issue. Useful if you'd rather paste it manually.

### Company

_No response_

### Program URL

_No response_

### Contact

_No response_

### Description

_No response_

### Rewards

- [ ] *bounty
- [ ] *recognition
- [ ] *swag

### Program type

_No response_

### Status

_No response_

### Safe harbor

_No response_

### Allows disclosure

_No response_

### Domains

_No response_

### Structured scope

_No response_

### Out of scope

_No response_

### Excluded methods

- [ ] dos
- [ ] social_engineering
- [ ] phishing
- [ ] physical_access
- [ ] automated_scanning

### Requires account

_No response_

### Minimum payout

_No response_

### Maximum payout

_No response_

### Currency

_No response_

### Payout - critical

_No response_

### Payout - high

_No response_

### Payout - medium

_No response_

### Payout - low

_No response_

### Swag details

_No response_

### Testing policy URL

_No response_

### Response SLA days

_No response_

### Disclosure timeline days

_No response_

### Legal terms URL

_No response_

### Hall of fame URL

_No response_

### Reporting URL

_No response_

### PGP key URL

_No response_

### Preferred languages

_No response_

### Standards

_No response_

### Confirmation

- [X] I confirm the information is accurate and I have included only publicly documented program details.