HackerOne's top 20 public bug bounty programs

16 of 20 NEXT PREV

Verizon

The unquestionable leader on the HackerOne platform is Verizon's bug bounty program, which currently ranks #1 in all-time bounties paid (over $4 million), #1 in hackers the company thanked (1,124), and #1 in most bug reports resolved (5,269).

Published: June 20, 2019 -- 00:39 GMT (17:39 PDT)
Caption by: Catalin Cimpanu
Uber

Ranking second on HackerOne is Uber's bug bounty program, which paid over $1,795,000 in bounties and resolved 1,172 bugs in its products, among many other things.

Published: June 20, 2019 -- 00:39 GMT (17:39 PDT)
Caption by: Catalin Cimpanu
PayPal

Despite arriving on the platform last September, PayPal has established itself as one of the leading bug bounty programs on HackerOne, and is currently credited with paying the highest bug bounty reward on the platform, with a payout of $30,000.

Published: June 20, 2019 -- 00:39 GMT (17:39 PDT)
Caption by: Catalin Cimpanu
Shopify

Ranked #4 on HackerOne with total payouts of over $1.1 million, Shopify is also ranked #1 in having the shortest payout time, with only two days from resolving a bug to paying a security researcher.

Published: June 20, 2019 -- 00:39 GMT (17:39 PDT)
Caption by: Catalin Cimpanu
Twitter

With one of the oldest programs on HackerOne, launched in May 2014, Twitter has paid over $1.1 million in to security researchers in bug bounties.

Published: June 20, 2019 -- 00:39 GMT (17:39 PDT)
Caption by: Catalin Cimpanu
Intel

Arriving on HackerOne after the Meltdown and Spectre vulnerability disclosure debacle, Intel has established itself as the most important program on the platform, ranking #6 overall,and paying researchers a total of over $800,000 in bug bounties.

Published: June 20, 2019 -- 00:39 GMT (17:39 PDT)
Caption by: Catalin Cimpanu
Airbnb

Ranking #7 is Airbnb with over $600,000 in paid bounties, 508 resolved reports, and 257 thanked researchers.

Published: June 20, 2019 -- 00:39 GMT (17:39 PDT)
Caption by: Catalin Cimpanu
Ubiquiti Networks

Ranking #8 is Airbnb with over $600,000 in paid bounties, 765 resolved reports, and 511 thanked researchers.

Published: June 20, 2019 -- 00:39 GMT (17:39 PDT)
Caption by: Catalin Cimpanu
Valve

One of the more recent programs to arrive on HackerOne is Valve. Despite this, the company managed to rank #9 overall, with $570,000 in paid bounties, and a top reward of $20,000 -- enough to rank in the top 5 of largest bounties paid on the platform.

Published: June 20, 2019 -- 00:39 GMT (17:39 PDT)
Caption by: Catalin Cimpanu
GitLab

Ranking #10 is code hosting platform GitLab with over $570,000 in paid bounties, 318 resolved reports, and 162 thanked researchers.

Published: June 20, 2019 -- 00:39 GMT (17:39 PDT)
Caption by: Catalin Cimpanu
GitHub

While GitHub may be above GitLab in popularity, it ranks under its competitor on the HackerOne ranking, one spot below, on #11.

Published: June 20, 2019 -- 00:39 GMT (17:39 PDT)
Caption by: Catalin Cimpanu
Slack

Ranking #12 is Slack with a total of over $420,000 in paid bounties, 838 resolved reports, and 420 thanked researchers.

Published: June 20, 2019 -- 00:39 GMT (17:39 PDT)
Caption by: Catalin Cimpanu
Starbucks

The last place you'd expect to find Starbucks is on HackerOne's top 20 bug bounty programs, but here it is, on #13 with over $300,000 in paid bounties for bugs reported in its web and mobile apps.

Published: June 20, 2019 -- 00:39 GMT (17:39 PDT)
Caption by: Catalin Cimpanu
Mail.ru

Despite ranking #14, Mail.ru has rounded up some accolades on HackerOne. The Russia-based email provider is in the top 5 for fastest response time, top 5 most hackers thanked, top 5 fastest time to pay out bounties, and the top 5 most resolved reports.

Published: June 20, 2019 -- 00:39 GMT (17:39 PDT)
Caption by: Catalin Cimpanu
Grab

Ranking #15 is ride-sharing platform Grab with a total of over $300,000 in paid bounties, 328 resolved reports, and 200 thanked researchers.

Published: June 20, 2019 -- 00:39 GMT (17:39 PDT)
Caption by: Catalin Cimpanu
Coinbase

Ranked #16 is cryptocurrency trading platform Coinbase with over $300,000 in paid bounties and a top bounty of $20,000.

Published: June 20, 2019 -- 00:39 GMT (17:39 PDT)
Caption by: Catalin Cimpanu
Snapchat

Ranked #17 on HackerOne's ranking is Snapchat. The company's lauded for having a first response time to new bug reports of under a day.

Published: June 20, 2019 -- 00:39 GMT (17:39 PDT)
Caption by: Catalin Cimpanu
HackerOne

#18 is HackerOne itself, which also runs its own bug bounty program on its own platform and has paid researchers quite a few rewards since November 2013, when it first launched.

Published: June 20, 2019 -- 00:39 GMT (17:39 PDT)
Caption by: Catalin Cimpanu
Dropbox

#19 is one of HackerOne's early adopters, file-sharing platform Dropbox. The company can boast with over $275,000 in paid bounties and a top bounty of $23,058.

Published: June 20, 2019 -- 00:39 GMT (17:39 PDT)
Caption by: Catalin Cimpanu
VK

Russian social platform VK is ranked #20 on HackerOne's top public bug bounty programs with over $265,000 in paid rewards, 379 thanked hackers, and 630 resolved reports.

Published: June 20, 2019 -- 00:39 GMT (17:39 PDT)
Caption by: Catalin Cimpanu