Programs
The meta-game. Choosing the right program is a force multiplier on everything else in this playbook. A great hunter on a bad program earns less than an average hunter on a great program.
Platforms
Where the programs live. Different platforms have different engagement models - skim this section when you're deciding where to spend your hours.
Mainstream bounty platforms (generalist, most programs, direct comparison useful):
HackerOne
Largest program inventory. Signal and reputation mechanics, getting into private invites, platform fees, disclosure system.
Bugcrowd
VRT (Vulnerability Rating Taxonomy), priority queues, kudos, and how their triage differs from H1.
Intigriti
EU-heavy program list, researcher tools, triage experience.
YesWeHack
France-headquartered platform with strong European and APAC program presence. Dojo training labs, reputation system.
Specialist platforms (different model or narrower scope, not direct substitutes):
Synack
Invite-only Synack Red Team model. Mission-based work, background checks, Liquid Platinum payouts.
Immunefi
Web3-native platform. Smart contract, blockchain infrastructure, and app-layer scope. Highest single bounties in the industry. Strict rules of engagement.
Cobalt
Pentest-as-a-service, not a bounty platform. Vetted Cobalt Core pool, scoped time-boxed engagements, per-hour or per-engagement pay.
Outside the platform marketplaces:
Self-Hosted Programs
security.txt, responsible disclosure pages, programs outside the major platforms. Often less competition, sometimes less legal protection.
Chaos Project
Not a platform, a dataset. ProjectDiscovery's curated feed of in-scope targets from public programs. Useful as recon pipeline input.
Program Selection
Once you know which platform, use these to decide which specific programs are worth your time.
Reading Scope Documents
The scope document is a contract. What "in scope" actually means, what exclusions to watch for, how to interpret ambiguous language.
Payout Analysis
Historical payout data, bounty table analysis, using platform statistics to estimate expected value per hour on a given program.
Competition Assessment
Gauging active researcher count, duplicate rates, finding programs in the sweet spot of good payouts and moderate competition.
New Program Strategy
First blood tactics. The first 48 hours on a new program are the highest-value window. How to capitalise on it.