- Who can be a researcher
- What rewards can I get
- What are the rules
- How will I be evaluated and measured
- How do I create an account
Bug bounty programs provide opportunities for you to find and responsibly disclose vulnerabilities to companies. In return, companies reward you for your contributions to acknowledge your efforts. Over time, you can build up your reputation as a highly qualified and reliable security researcher while earning cash, points, and swag.
Who can be a researcher
Anyone can sign up to be a researcher. To become a researcher, you need to create an account.
What rewards can I get
There are two main rewards:
- Points: The Bugcrowd platform awards you these when you submit a valid vulnerability. The more points that you accumulate, the better chance you have of making it onto our Leaderboard and the Hall of Fame for a particular program.
- Monetary: Financial compensation that you receive from a company when you submit a valid vulnerability to their bounty program.
For more information on rewards, see our page on getting rewarded.
You can also earn cool gear and Swag with qualifying submissions, through our current programs for researcher incentives.
What are the rules
Before you get started, we strongly recommend that you read our code of conduct and standard disclosure terms to understand what is expected behaviour, before joining the Crowd and participating in programs.
How will I be evaluated and measured
Each time you participate in a program and submit a valid vulnerability report, you have an opportunity to earn build your stats and reputation on the Bugcrowd platform.
Your stats are a reflection of the quality of your written reports, the impact of your discoveries, your activity level, and the reputation you’ve built by following all of our terms and conditions:
How do I create an account
For information about how to create your account, see researcher onboarding.