Multiply the impact of your security budget

Together, we can fund security audits and bug bounties that keep everyone more secure.

Our goal is to eliminate security vulnerabilities in the free and open-source software your organization depends on.

Choose BountyGraph

For Hackers

BountyGraph aims to incentivize security research into important projects by paying hackers competitively.

For Companies

BountyGraph allows your organization to invest in the security of its most important dependencies.

For Projects

BountyGraph rewards projects for fixing vulnerabilities in a timely way, and can triage reports for free.

What is BountyGraph?

Crowdfunded Audits and Bounties

BountyGraph facilitates bug bounties and security audits for free and open-source software dependencies. Our goal is to strongly incentivize security research into software that has traditionally lacked the funding for a dedicated security budget, but that must be secure. We want to ensure that immediately reporting and fixing vulnerabilities is the most financially attractive option for security researchers.

Two Ways to Keep Projects Secure

Crowdfunded Bug Bounties

Vulnerabilities are reported to programs either through the BountyGraph ticket system or via email. Once a vulnerability has been fixed and a corresponding patch released, the BountyGraph team notifies the organizations sponsoring the project, who may then issue bounties to the hacker and project developers.

Professional Audits

BountyGraph first receives a price quote from an established security consulting firm. The terms and planned deliverables of the audit are made public. Once funds have been raised, the audit occurs, and the results are privately shared with the project maintainers. Once a patch is available, the final report and any other deliverables are released publicly.
