A bug in a dependency can leave thousands of companies vulnerable

But many open-source projects don't have the financial resources for a bug bounty program or a professional security audit.

Fund Bounties and Audits

By pooling money from the many organizations that use a piece of software, BountyGraph multiplies the impact of your security budget. As a project gets more popular, the bounties get bigger, and professional audits become more accessible.

Safer Disclosure

BountyGraph helps projects disclose vulnerabilities in a way that keeps everyone safer. Our goal is to make reporting a bug immediately the most attractive option for security researchers.