- Hands-On Bug Hunting for Penetration Testers
- Joseph Marshall
- 2021-07-16 17:53:05
GitHub
GitHub offers a bounty program that covers a wide array of its properties, including the API, enterprise app, and main Rails site (https://github.com/), with payouts ranging from $555 to $20,000 for most of those targets.
One neat feature of the GitHub program is that each participant who successfully submits a bounty receives a profile page that – in addition to showing the points they've accumulated, rank, and earned badges – lists their reported vulnerabilities with a short technical blurb about each one. Like the published submission reports on other platforms, any technical detail about a successfully discovered vulnerability is an invaluable insight into winning strategies, both in general and for the site in question.
And if you're looking to parlay finding bugs into a larger career in security, profile pages such as the ones offered by GitHub, Bugcrowd, and HackerOne can be great bullet points on your resume.