We've added a new filter that lets you discover SaaS companies running paid bug bounty programs. You can browse the full list at SaaS with bug bounty programs, or read on to learn how it works and why it matters.

Why bug bounty data matters

Bug bounty programs are a strong signal of a company's commitment to security. For security researchers, knowing which SaaS companies offer paid bounties helps prioritize where to spend their time. For investors and buyers, the presence of a bug bounty program indicates mature security practices.

We detect bug bounty programs through two methods. First, when we check a site's homepage during our regular online checks, we look for links containing keywords like "bug-bounty", "responsible-disclosure", and "vulnerability-disclosure". Second, when we process a site's sitemap, we scan for URLs matching those same patterns. Both methods feed URLs into our site pages pipeline, where we fetch the page content and use AI to extract program details.

What we extract

Our AI extraction focuses specifically on paid programs with monetary rewards. For each program, we extract the platform (HackerOne, Bugcrowd, Intigriti, and others), payout ranges, currency, and scope (web, mobile, API, infrastructure). Programs that only offer swag, hall-of-fame mentions, or other non-monetary rewards are excluded from the filter.

How to use it

Head to the bug bounty programs page to browse all SaaS companies with paid programs. You can also combine the bug bounty filter with other filters like category, country, or company size to narrow down your search. Security researchers can use the payout range filters to find programs that match their desired reward level.

You can also browse bug bounty programs by category or country to find opportunities in specific industries or regions.

Filter by date discovered

We have added a "Bug Bounty Discovered At" filter that lets you find programs by when we first detected them. Newly discovered programs are more likely to have undiscovered vulnerabilities, making them ideal targets for security researchers looking for low-hanging fruit. Sort by the most recently found programs to stay ahead of other researchers.

For a full overview of how SaaS Browser can help security researchers, visit our Bug Bounties use case page.