Amazon

Amazon has vulnerability programs for both its e-commerce and cloud services divisions.

An important point is that Amazon requires you to register and ask for permission before conducting any sort of pentesting engagement. This is critical, and a key way the company differs from some of its competitors. Instead of an open-ended participation model where, as long as you abide by the rules of engagement, you can expect immunity, Amazon enforces a permissions-first model to better contain pentesting activity and differentiate White- and Black-Hat activity.

Amazon has a multitude of white papers, blog posts, and documentation on how security works within Amazon, but less material than Facebook or Google to help with penetration testing or bug bounty participation generally.