Bug Bounty Programs

Want to try a new technique or methodology on private bug bounty programs? Submit your research, get invited to private programs, and start collecting bounties.

EURid vzw is the registry operator of the .eu, .ею (Cyrillic script) and .ευ (Greek script) country code top-level domains (ccTLD) upon the appointment of the European Commission since 2003. As the registry operator, our biggest concern and priority is the stability and security of the .eu namespace. We also develop and maintain YADIFA since 2012, a lightweight authoritative Name Server with DNSSEC capabilities.

The 9altitudes Vulnerability Disclosure Program (VDP) program to review no-bounty assets. 9altitudes is a European player with the main office in Belgium providing digital transformation for our customers focused on 3 main industry clusters – manufacturing, services, and wholesale & distribution. As a Microsoft Gold partner, we are mostly Microsoft-oriented with some own-IP and are an ever-expending organization by way of merge & acquisition.

The national project “eHealth Hubs & MetaHub” coordinated by the eHealth platform is meant to make medical results from hospitals (and in the near future medical laboratories) available to any caregiver who currently is treating the patient . For detailed information see https://www.ehealth.fgov.be/nl/zorgverleners/online-diensten/hubs-metahub and the URL in the next paragraph. This system supplements the traditional system of addressed ‘email type’ communication to individual referrers. Before medical data about a patient can be shared, that patient has to grant the ‘eHealth informed consent’ (see http://www.patientconsent.be ). Further, care providers declare a therapeutic relationship with the patient. Communication between the hubs and between external physicians and a hub is according to the KMEHR standard: https://www.ehealth.fgov.be/standards/kmehr/content/page/web-services The scope of this project is confined to the hub exploited by VZNKUL (Vlaams Ziekenhuis Netwerk KU Leuven) implementation of this hub system. The central metahub hub from the Belgian government, the other hubs, and the systems at other partners of this project are out of scope.

House of HR is a leading HR services group active all over Europe. Our entrepreneurial spirit drives us to provide specialized solutions in two key segments: Specialized Talent Solutions and Engineering & Consulting. Our decentralized model empowers rapid decision-making across our Powerhouses. If you find a security bug in one of our apps, this is the place to report it! Happy hunting! 🏹

Axel Springer SE, headquartered in Berlin, is a leading digital publisher known for its wide range of news outlets, magazines, and classifieds. Embracing digital innovation and transformation, the company prioritizes data protection and system integrity. To bolster its digital ecosystem's security, Axel Springer runs a vulnerability disclosure bug bounty program, encouraging cybersecurity experts to find and report vulnerabilities in its digital environment.

Yacht is number one in connecting professionals.

BMC is number one in connecting professionals

Randstad is the global leader in the HR services industry. By combining our passion for people with the power of today’s intelligent machines, we support people and organizations in realizing their true potential.

With more than 6,900 employees worldwide, SIXT combines global car rental and local share solutions, ride hailing-services as well as car subscriptions in one of the world’s largest mobility platforms. With just one app – the SIXT App – we offer our customers digital access to more than 200,000 vehicles and around 1.5 million connected drivers in approximately 110 countries worldwide. Besides its own range of vehicles, SIXT also integrates services from more than 1,500 mobility partners.

Cloudways by DigitalOcean is a managed web hosting platform that specialises in providing an easy-to-manage environment for web applications.

At KU Leuven, we are committed to ensuring the integrity of our Housing Application Program. This program allows both new and returning students to apply for a room in KU Leuven Central Services Residences, helping them find the right accommodation. As with all our platforms, we recognize that vulnerabilities can exist, and we encourage researchers to report any security issues they may discover within this application. If you identify a vulnerability while using the application, please follow our disclosure guidelines to report it safely and responsibly. Your contributions help us maintain a secure and seamless experience for all students!

VULNERABILITY DISCLOSURE PROGRAM (VDP) Above all else, University Hospital Zurich is committed to the care and improvement of human life. Part of that mission is to protect our patients, people, systems, and facilities. We want encourage security researchers to feel comfortable reporting vulnerabilities they’ve discovered to us in good faith.

PeopleCert is the global leader in the assessment and certification of professional and language skills, partnering with multi-national organisations and government bodies to develop and deliver market leading exams worldwide. This policy is intended to give security researchers clear guidelines for conducting vulnerability discovery activities.

Revolut is a financial technology company that offers banking services. It offers accounts featuring currency exchange, debit cards, virtual cards, interest-bearing "vaults", commission-free stock trading, crypto, commodities, and other services to over 60M customers. Please visit our website for more information: www.revolut.com

Welcome to the Responsible Vulnerability Disclosure Program of Citymesh. Citymesh is one of the Telecommunication Operators in Belgium. Citymesh helps its customers with the implementation, integration, and maintenance of network infrastructure. Citymesh wants to offer its customers quality connectivity solutions that help them achieve their business goals.

Since 2010, Speakap has helped more than 400 companies across 120 countries, 42 languages, and many time zones, reach their full potential with more productive employees. With an award-winning, easy-to-use employee app, Speakap empowers company leaders to share the right content with the right people at the right time. Speakap boasts very high adoption rates with users logging in almost 6x a day for 50+ seconds per time.

Tempo-Team offers daily new and varied jobs for every level and field.

The BMW Group looks forward to working with the security community to find vulnerabilities in order to keep its products and customers safe and secure. We are committed to working with you to verify, reproduce, and respond to legitimate reported vulnerabilities covered by this policy. Within this program bounties can be received by reporting vulnerabilities that are in the scope of program and marked as “Eligible”. Please take note of the current scope outlined below.

All life needs water. Both people, their company and their environment must at all times have water in the right quantity, of the right quality, at the right time. This water must be supplied within the safety of well-thought-out infrastructures for supply and discharge of water. Water-link wants to inspire everyone to fully tap into the strengths of water. Water-link is a Flemish public organisation that directly or indirecty provides drink water to more than 3 million people.

True Vikings never entered the battlefield without their helmets. And we believe a secure environment, just like free access to open communication, is a worldwide human right. But even the best Viking Drakkars may sometimes encounter vulnerabilities. Brave sailors who discover leaks should be honored - not executed. Together with you and our broad community, we want to create a secure and safe environment for everyone.

Responsible Disclosure indicates ING’s continued commitment to improve its security posture. As part of this process, we work closely with security researchers to identify and report vulnerabilities they find within our systems. ING appreciates security researchers efforts in reporting vulnerabilities on its systems as long as the discovered vulnerability is in scope, detected without the use of intrusive testing techniques, and follows the disclosure guidelines below:

twago operates itprojects.talent-community.com talents can sign up, join pools and apply for jobs or projects.

As a pioneering force in the business travel sector, our company has redefined the landscape of corporate lodging and travel management through our innovative Lodging-As-A-Service platform. We facilitate seamless and secure experiences in lodging procurement, workspace management, and financial transactions for our global clientele. In an era marked by rapid technological advancements and stringent data protection standards, our commitment to maintaining robust information security is not only a regulatory mandate but a cornerstone of our customer trust and business excellence. Our purpose is to revolutionize the business travel experience through our Lodging-As-A-Service platform, providing seamless, secure, and efficient lodging management, workspace solutions, and payment processing for businesses operating globally.