HackerOne's top 20 public bug bounty programs

The unquestionable leader on the HackerOne platform is Verizon Media's bug bounty program, which currently ranks #1 in all-time bounties paid (over $4 million), #1 in hackers the company thanked (1,124), and #1 in most bug reports resolved (5,269).

Ranking second on HackerOne is Uber's bug bounty program, which paid over $1,795,000 in bounties and resolved 1,172 bugs in its products, among many other things.

Despite arriving on the platform last September, PayPal has established itself as one of the leading bug bounty programs on HackerOne, and is currently credited with paying the highest bug bounty reward on the platform, with a payout of $30,000.

Ranked #4 on HackerOne with total payouts of over $1.1 million, Shopify is also ranked #1 in having the shortest payout time, with only two days from resolving a bug to paying a security researcher.

With one of the oldest programs on HackerOne, launched in May 2014, Twitter has paid over $1.1 million in to security researchers in bug bounties.

Arriving on HackerOne after the Meltdown and Spectre vulnerability disclosure debacle, Intel has established itself as the most important program on the platform, ranking #6 overall,and  paying researchers a total of over $800,000 in bug bounties.

Ranking #7 is Airbnb with over $600,000 in paid bounties, 508 resolved reports, and 257 thanked researchers.

Ranking #8 is Airbnb with over $600,000 in paid bounties, 765 resolved reports, and 511 thanked researchers.

One of the more recent programs to arrive on HackerOne is Valve. Despite this, the company managed to rank #9 overall, with $570,000 in paid bounties, and a top reward of $20,000 -- enough to rank in the top 5 of largest bounties paid on the platform.

Ranking #10 is code hosting platform GitLab with over $570,000 in paid bounties, 318 resolved reports, and 162 thanked researchers.

While GitHub may be above GitLab in popularity, it ranks under its competitor on the HackerOne ranking, one spot below, on #11.

Ranking #12 is Slack with a total of over $420,000 in paid bounties, 838 resolved reports, and 420 thanked researchers.

The last place you'd expect to find Starbucks is on HackerOne's top 20 bug bounty programs, but here it is, on #13 with over $300,000 in paid bounties for bugs reported in its web and mobile apps.

Despite ranking #14, Mail.ru has rounded up some accolades on HackerOne. The Russia-based email provider is in the top 5 for fastest response time, top 5 most hackers thanked, top 5 fastest time to pay out bounties, and the top 5 most resolved reports.

Ranking #15 is ride-sharing platform Grab with a total of over $300,000 in paid bounties, 328 resolved reports, and 200 thanked researchers.

Ranked #16 is cryptocurrency trading platform Coinbase with over $300,000 in paid bounties and a top bounty of $20,000.

Ranked #17 on HackerOne's ranking is Snapchat. The company's lauded for having a first response time to new bug reports of under a day.

#18 is HackerOne itself, which also runs its own bug bounty program on its own platform and has paid researchers quite a few rewards since November 2013, when it first launched.

#19 is one of HackerOne's early adopters, file-sharing platform Dropbox. The company can boast with over $275,000 in paid bounties and a top bounty of $23,058.

Russian social platform VK is ranked #20 on HackerOne's top public bug bounty programs with over $265,000 in paid rewards, 379 thanked hackers, and 630 resolved reports.