Bug bounties are being offered more frequently by vendors to stamp out security issues before they become widespread -- but where should researchers go to find the best return for their time and skills?
Once, before cybersecurity skills became so high in demand thanks to frequent, high-profile security breaches such as those suffered in recent times by Target, Sony and Anthem, researchers were given credit for disclosing software vulnerabilities to vendors, but often little else.
However, times have changed -- and more and more often, companies are offering financial rewards or gifts for white hat hackers who choose to disclose bugs and vulnerabilities directly to vendors, rather than selling them on through the black market for a profit.
Source: http://www.zdnet.com/article/bug-bounties-which-companies-offer-researchers-cash/
Link to the bug bounty programs list: http://www.vulnerability-lab.com/list-of-bug-bounty-programs.php
Interesting list to keep as a bookmark for those in that field
