Becoming a Researcher

Bug bounty programs provide opportunities for you to find and responsibly disclose vulnerabilities to companies. In return, companies reward you for your contributions to acknowledge your efforts. Over time, you can build up your reputation as a highly qualified and reliable security researcher while earning cash, points, and swag.

Who can be a researcher

Anyone can sign up to be a researcher. To become a researcher, you need to create an account.

Researchers can participate in any public bounty program that we run. However, some private programs may require that you go through identity verification before you can participate.

What rewards can I get

There are two main rewards:

  • Points: The Bugcrowd platform awards you these when you submit a valid vulnerability. The more points that you accumulate, the better chance you have of making it onto our Leaderboard and the Hall of Fame for a particular program.
  • Monetary: Financial compensation that you receive from a company when you submit a valid vulnerability to their bounty program.

For more information on rewards, see our page on getting rewarded.

You can also earn cool gear and Swag with qualifying submissions, through our current programs for researcher incentives.

What are the rules

Before you get started, we strongly recommend that you read our code of conduct and standard disclosure terms to understand what is expected behaviour, before joining the Crowd and participating in programs.

How will I be evaluated and measured

Each time you participate in a program and submit a valid vulnerability report, you have an opportunity to earn build your stats and reputation on the Bugcrowd platform.

Your stats are a reflection of the quality of your written reports, the impact of your discoveries, your activity level, and the reputation you’ve built by following all of our terms and conditions:

How do I create an account

  1. Go to https://bugcrowd.com/user/sign_up.

  2. Fill out the form to create your account.

    login-fill-form

  3. Choose whether or not you want to make your profile publicly available. You can always adjust this later if you change your mind.

    researcher-pub

  4. Read and agree to the terms and conditions.

    terms-conditions-agree

    The Bugcrowd platform will send an e-mail that contains confirmation instructions for your account.

    confirm-email

    Follow the instructions outlined in the e-mail to finish creating your account. After you’ve validated your email, you can log in to Bugcrowd and start reporting vulnerabilities.

Welcome to the Crowd


Account Management
Program Management
Submission Management
Receiving Rewards