• Bounty Navigator
  • Posts
  • ๐Ÿš€ Bounty Navigator: Your Weekly Dose of Bug Bounty & Vulnerability Disclosure Programs

๐Ÿš€ Bounty Navigator: Your Weekly Dose of Bug Bounty & Vulnerability Disclosure Programs

Welcome to the First Issue of Bounty Navigator!

Hello, cybersecurity enthusiasts!

We're excited to present the first issue of Bug Bounty Navigator โ€“ your weekly source for bug bounty and vulnerability disclosure programs in the cybersecurity landscape. Each week, we'll bring you 10 companies with detailed information about their programs, rewards, and essential resources. Without further ado, let's dive into this week's top picks!

1. Ultimate Member

Ultimate Member welcomes security issue reports. Qualifying vulnerabilities include XSS, CSRF, SQLi, RCE, and more. DoS attacks are out of scope. Rewards range from $50 to $200 based on a DREAD score model. Reports must include a proof of concept and steps to reproduce the vulnerability. Disclosure process is mutual agreement or protective disclosure. Bounty payments are subject to eligibility requirements.


NFON's Responsible Disclosure Policy encourages reporting of security vulnerabilities in their systems, with strict guidelines on what is not allowed and out of scope, and offers rewards at their discretion.

3. Flow

Flow's vulnerability disclosure program encourages reporting of potential vulnerabilities in their assets, with guidelines for responsible disclosure. They provide communication channels for reporting, and rewards for qualifying vulnerabilities. They exclude certain types of vulnerabilities and assets from the program, and require compliance with their guidelines for rewards.

4. Ably

Ably's vulnerability disclosure program encourages researchers to report security or privacy vulnerabilities. The program uses the CVSS framework to rate the severity of a vulnerability and offers rewards ranging from $150 to $5000. The program applies to specific services and endpoints, and researchers are expected to follow reporting guidelines and avoid privacy violations or destruction of data. Ably reserves the right to modify the policy and may withhold rewards if researchers expose users to unnecessary risk or harm.

5. Dokobit

Dokobit rewards security researchers for reporting vulnerabilities in their services, with a minimum reward of โ‚ฌ100. Certain vulnerabilities are eligible for higher rewards, and bonus bounties may be awarded for valuable research. The program has specific guidelines for eligibility and responsible disclosure, and out-of-scope vulnerabilities are listed. Vulnerabilities should be disclosed to Dokobit's Cyber Incident Response Team via email

Upgrade to our Premium Daily Newsletter for even more Opportunities!

Don't miss out on valuable cybersecurity opportunities! Upgrade to our Premium Daily Newsletter and receive daily insights on 2 companies before they're featured in our free weekly newsletter. That's 14 companies per week, giving you a competitive edge in the bug hunting world. Upgrade Now

Thank you for joining us in our first issue of Bug Bounty Navigator. We hope you find these programs valuable and look forward to delivering more exciting opportunities next week. Happy hunting!

Stay safe and secure,

Colin Winhall.