BountyGraph aims to incentivize security research into important projects by paying hackers competitively.
BountyGraph allows your organization to invest in the security of its most important dependencies.
BountyGraph rewards projects for fixing vulnerabilities in a timely way, and can triage reports for free.
BountyGraph facilitates bug bounties and security audits for free and open-source software dependencies. Our goal is to strongly incentivize security research into software that has traditionally lacked the funding for a dedicated security budget, but that must be secure. We want to ensure that immediately reporting and fixing vulnerabilities is the most financially attractive option for security researchers.
Vulnerabilities are reported to programs either through the BountyGraph ticket system or via email. Once a vulnerability has been fixed and a corresponding patch released, the BountyGraph team notifies the organizations sponsoring the project, who may then issue bounties to the hacker and project developers.
For security audits, BountyGraph first receives a price quote from an established security consulting firm. The terms and planned deliverables of the audit are made public. Once funds have been raised, the audit occurs, and the results are privately shared with the project maintainers. Once a patch is available, the final report and any other deliverables are released publicly.