Commercial Platforms
The GFCRC is a nonpartisan, nonprofit community and neither endorses nor evaluates any services or organizations.
Nordic Defender (SE) – https://nordicdefender.com/managed-bug-bounty
Yogosha (FR) – https://yogosha.com/
Intigriti (BE) – https://www.intigriti.com/
BugCrowd (US) – https://www.bugcrowd.com
YesWeHack (FR) – https://www.yeswehack.com/
BugBounter (EE) – https://bugbounter.com/
Bug Bounty Switzerland (CH) – https://www.bugbounty.ch/
SafeHats (IN) – https://app.safehats.com/enterprises/programs
HackenProof (EE) – https://hackenproof.com/
(Bug bounty for crypto projects)
HackerOne (US) – https://www.hackerone.com/
Synack (US) – https://www.synack.com/solutions/go-beyond-bug-bounty/
Not-for-Profit / Community Initiatives
DIVD (NL)
The Dutch Institute for Vulnerability Disclosure is a community initiative focused on the Netherlands, run by volunteers.
Open Bug Bounty (??)
Open Bug Bounty is an international nonprofit foundation, and contains links to numerous other open bug bounty initiatives and platforms
Public Sector Resources
Switzerland – NCSC
The Swiss National Cybersecurity Centre maintains:
United Kingdom – NCSC
The UK National Cybersecurity Centre provides:
European Union – ENISA
The European Union Agency for Cybersecurity (ENISA) provides a CVD good practices guide.