Becoming a Researcher

Bug bounty programs provide opportunities for you to find and responsibly disclose vulnerabilities to companies. In return, companies reward you for your contributions to acknowledge your efforts. Over time, you can build up your reputation as a highly qualified and reliable security researcher while earning cash, points, and swag.

Who can be a researcher

Anyone can sign up to be a researcher. To become a researcher, you need to create an account.

Researchers can participate in any public bounty program that we run. However, some private programs may require that you go through identity verification before you can participate.

What rewards can I get

There are two main rewards:

  • Points: The Bugcrowd platform awards you these when you submit a valid vulnerability. The more points that you accumulate, the better chance you have of making it onto our Leaderboard and the Hall of Fame for a particular program.
  • Monetary: Financial compensation that you receive from a company when you submit a valid vulnerability to their bounty program.

For more information on rewards, see our page on getting rewarded.

You can also earn cool gear and Swag with qualifying submissions, through our current programs for researcher incentives.

What are the rules

Before you get started, we strongly recommend that you read our code of conduct and standard disclosure terms to understand what is expected behaviour, before joining the Crowd and participating in programs.

How will I be evaluated and measured

Each time you participate in a program and submit a valid vulnerability report, you have an opportunity to earn build your stats and reputation on the Bugcrowd platform.

Your stats are a reflection of the quality of your written reports, the impact of your discoveries, your activity level, and the reputation you’ve built by following all of our terms and conditions:

How do I create an account

For information about how to create your account, see researcher onboarding.