840fd59ee05f601e09934f24e41ed98243dc2a3e default

The Internet

Hack all the things.

  • Bounties provided by IBB

Some of the most critical vulnerabilities in the Internet's history have been resolved thanks to efforts of researchers fueled entirely by curiosity and altruism. We owe these individuals an enormous debt and believe it is our duty to do everything in our power to demonstrate how much this research is appreciated. To that end, the Internet Bug Bounty Panel will award public research into vulnerabilities with the potential for severe security implications to the public.

Simply put: hack all the things, send us the good stuff, and we'll do our best to reward you.

The Fine Print

To qualify, vulnerabilities should meet most of the following criteria:

  • Be vendor agnostic: vulnerability is present in implementations from multiple vendors or a vendor with dominant market share. Do not send us vulnerabilities that only impact a single website, product, or project.
  • Be widespread: vulnerability manifests itself across a wide range of products, or impacts a large number of end users.
  • Be severe: vulnerability has extreme negative consequences for the general public.
  • Be novel: vulnerability is new or unusual in an interesting way.

The Panel will gladly assist with the coordinated disclosure of any potential vulnerabilities. However, we recognize that we will not be the most effective avenue in all circumstances. We will gladly consider rewards for vulnerabilities that have been publicly disclosed through some other means, provided they adhered to our disclosure guidelines.

It's important to keep in mind that not all submissions will qualify for a bounty. The decision to award a bounty is entirely at the discretion of the Internet Bug Bounty Panel.


We provide the following examples of publicly disclosed vulnerabilities that we would have rewarded:

Bounty Guidance

  • Minimum reward of $5,000 with significantly higher rewards granted at the Panel's discretion

Thanks @AllieBrosh for personifying our mission

The Internet resolved a bug that was submitted by secbro.
About 2 months ago
The Internet resolved TLS Virtual Host Confusion that was submitted by adl.
5 months ago
The Internet resolved a bug that was submitted by mohaab007.
6 months ago
The Internet resolved a bug that was submitted by rafaybaloch.
6 months ago
The Internet resolved a bug that was submitted by donb.
6 months ago
The Internet Bug Bounty rewarded donb with a $6,000 bounty for a The Internet bug: LZ4 Core (CVE-2014-4611).
8 months ago
The Internet resolved LZ4 Core that was submitted by donb.
8 months ago
The Internet published their program on HackerOne.
Over 1 year ago
  • $5,000
    Minimum bounty
  • $66,500
    Paid to hackers
  • 13
    Hackers thanked
  • 15
    Bugs closed