About BugBountyScam

Our Mission

BugBountyScam exists to protect security researchers from bug bounty programs that act in bad faith. When a program patches a reported vulnerability but refuses to pay, marks a valid report as a false duplicate, retroactively narrows scope, ghosts a submission, or bans a researcher after fixing their bug — that experience deserves to be on the record. We give the community a shared, searchable memory of how programs actually treat the people who report to them.

How It Works

A researcher submits a report describing what happened, with evidence where possible.
Every submission is reviewed before publishing — low-effort, abusive, or clearly false entries are rejected.
Published reports are grouped by program so anyone can see a company's full track record at a glance.
The community votes and comments, and the Wall of Shame ranks the most-reported programs.
Companies named in reports can reach out to add context or request review.

Why We Built This

Bug bounty platforms hold most of the leverage. Researchers spend hours or days on a finding and have little recourse when a program decides not to honor it. Individual complaints scattered across social media are easy to ignore and easy to bury. Collected in one place, they become accountability. Before investing time in a program, a researcher can check its reputation here first.

This project is run anonymously and is not affiliated with any bug bounty platform. It is a community publishing platform for first-hand researcher experiences. Reach us at admin@bugbountyscam.com.

BugBountyScam.com · Contact: admin@bugbountyscam.com