
Thursday, September 20, 2012

List of Bug Bounty Programs


Bug bounty programs are a hot topic these days: well-known companies such as Google, Facebook and Mozilla pay for vulnerabilities found in their web servers, products, services or associated applications. Here is a list for all security researchers and bug hunters to target. All the best :)



Bug Bounty Websites for Web Application Vulnerabilities



Mozilla

security@mozilla.org

http://www.mozilla.org/security

http://www.mozilla.org/projects/security/security-bugs-policy.html

http://www.mozilla.org/security/announce



Google

security@google.com

https://www.google.com/appserve/security-bugs/new?rl=xkp7zert49a5q6owod28bhr2



Facebook

http://www.facebook.com/whitehat/bounty



Paypal

sitesecurity@paypal.com

https://cms.paypal.com/cgi-bin/marketingweb?cmd=_render-content&content_ID=security/reporting_security_issues



Etsy

security-reports@etsy.com

http://www.etsy.com/help/article/2463



Wordpress

http://www.whitefirdesign.com/about/wordpress-security-bug-bounty-program.html



Commonsware

http://commonsware.com/bounty.html



CCBill

http://www.ccbill.com/developers/security/vulnerability-reward-program.php

http://www.ccbill.com/developers/security/rewards.php



Vark

http://www.vark.com



Windthorstisd

http://www.windthorstisd.net/BugReport.cfm





Bug Bounty Websites for Product Vulnerabilities



Mozilla

http://www.mozilla.org/security

http://www.mozilla.org/security/known-vulnerabilities/firefox.html



Google Chrome

http://www.chromium.org/Home/chromium-security/vulnerability-rewards-program



Zero Day Initiative

http://www.zerodayinitiative.com



Barracuda

bugbounty@barracuda.com

http://www.barracudalabs.com/bugbounty

http://www.barracudalabs.com/bugbounty/halloffame.html



Artifex Software

http://www.ghostscript.com/Bug_bounty_program.html



Hex Rays

http://www.hex-rays.com/bugbounty.shtml



Ardour

http://ardour.org/bugbounty



Piwik

http://piwik.org/security





Hall of Fame & Responsible Disclosure Websites (No Bounties)



Microsoft



http://technet.microsoft.com/en-us/security/cc308589

http://technet.microsoft.com/en-us/security/cc308575

http://technet.microsoft.com/en-us/security/cc261624

http://www.microsoft.com/security/msrc/default.aspx

http://technet.microsoft.com/en-us/security/ff852094.aspx



Apple

product-security@apple.com

http://support.apple.com/kb/HT1318

https://ssl.apple.com/support/security/



Adobe

http://www.adobe.com/support/security/bulletins/securityacknowledgments.html

http://www.adobe.com/support/security/alertus.html



IBM

http://www-03.ibm.com/security/secure-engineering/report.html



Twitter

https://twitter.com/about/security

http://support.twitter.com/groups/33-report-abuse-or-policy-violations/topics/122-reporting-violations/articles/477159-how-to-report-xss-api-and-other-security-vulnerabilities#

https://support.twitter.com/forms



Dropbox

security@dropbox.com

https://www.dropbox.com/security

https://www.dropbox.com/special_thanks



Yahoo

security@yahoo-inc.com


http://security.yahoo.com/article.html;_ylc=X3oDMTFwMGI4cDJnBF9TAzU2NTAwMDAwMgRhaWQDMjAwNjEyMDUwMQRjbmFtZQNZb3VyIFNlY3VyaXR5IG9uIFlhaG9vIQ--?aid=2006120501



Cisco

http://tools.cisco.com/security/center/home.x#~alerts



Moodle

http://moodle.org/security



Drupal

http://drupal.org/security-team



Oracle

http://www.oracle.com/us/support/assurance/reporting/index.html



Symantec

http://www.symantec.com/security



Ebay

http://pages.ebay.com/securitycenter/Researchers.html



Twilio

http://www.twilio.com/blog/2012/03/reporting-security-vulnerabilities.html



37 Signals

http://37signals.com/security-response



Salesforce

http://www.salesforce.com/company/privacy/disclosure.jsp



Reddit

http://code.reddit.com/wiki/help/whitehat



Github

http://help.github.com/responsible-disclosure/



Ifixit

http://www.ifixit.com/Info/responsible_disclosure



Constant Contact

http://www.constantcontact.com/about-constant-contact/security/report-vulnerability.jsp



Zeggio

http://www.zeggio.com



Simplify

http://simplify-llc.com/simplify-security.html



Team Unify

http://www.teamunify.com/__corp__/security.php



Skoodat

http://www.skoodat.com/Security



Relaso

http://relaso.com/disclosure



Moduscsr

http://www.moduscsr.com/security_statement.php



Cloudnetz

http://cloudnetz.com/Legal/vulnerability-testing-policy.html



Emptrust

http://www.emptrust.com/Security.aspx



Apriva

http://www.apriva.com/security



Amazon

http://aws.amazon.com/security/vulnerability-reporting



SquareUp

https://squareup.com/security/levels



G-Sec

http://www.g-sec.lu/responsible.disclosure.policy.html



Xen

security@xen.org

http://wiki.xen.org/wiki/Security_Announcements

http://www.xen.org/projects/security_vulnerability_process.html



Engine Yard

http://www.engineyard.com/legal/responsible-disclosure-policy



Lastpass

https://lastpass.com/support_security.php



RedHat

https://access.redhat.com/knowledge/articles/66234



Acquia

https://www.acquia.com/how-report-security-issue



Mahara

security@mahara.org

https://wiki.mahara.org/index.php/Security




Zynga

security@zynga.com

http://company.zynga.com/security/whitehats



Risk.io

https://www.risk.io/security



Opera

http://www.opera.com/security/policy

https://bugs.opera.com/wizarddesktop

http://my.opera.com/securitygroup/blog/2013/04/05/thanks-to-the-researchers



Owncloud

http://owncloud.org/security/policy

http://owncloud.org/security/hall-of-fame



Scorpion Soft

security@scorpionsoft.com

http://www.scorpionsoft.com/company/disclosurepolicy




Norada

http://norada.com/norada/crm/security_response



Cpaperless

http://www.cpaperless.com/securitystatement.aspx



Wizehive

http://www.wizehive.com/security

http://www.wizehive.com/special_thanks.html



Tuenti

http://corporate.tuenti.com/en/dev/hall-of-fame



Nokia Siemens

http://www.nokiasiemensnetworks.com/about-us/responsible-disclosure



Sound Cloud

http://help.soundcloud.com/customer/portal/articles/439715-responsible-disclosure



HTC

security@htc.com


http://www.htc.com/www/terms/product-security



Neohapsis

http://www.neohapsis.com/disclosure.php



Nokia

security-alert@nokia.com

http://www.nokia.com/global/security/security

http://www.nokia.com/global/security/acknowledgements





BlackBerry

secure@blackberry.com

https://www.blackberry.com/profile/?eventId=8322

http://us.blackberry.com/business/topics/security/incident-response-team/collaborations.html



Heroku

security@heroku.com

https://policy.heroku.com/security



Chargify

security@chargify.com

https://chargify.com/security



Zendesk

security@zendesk.com

http://www.zendesk.com/company/responsible-disclosure-policy



Lookout

security@lookout.com

https://www.lookout.com/responsible-disclosure



Puppetlabs

security@puppetlabs.com

http://puppetlabs.com/security

https://puppetlabs.com/security/acknowledgments

https://puppetlabs.com/blog/responsible-disclosure-of-security-vulnerabilities



Gliph

https://gli.ph/s/security.html