Today, we're excited to announce the launch of the ProjectDiscovery OSS Bounty Program, a new initiative to reward meaningful contributions to our open-source security tools.
At ProjectDiscovery, we've always believed that security should be accessible to everyone. Our tools are used by researchers, defenders, and builders worldwide. From Fortune 500 security teams to independent bug bounty hunters, from government agencies to open-source enthusiasts, our community spans the globe. Our tools are open source because we believe the best security tools should be available to all, not locked behind enterprise paywalls.
But open source isn't just about making code available. It's about building together.
The security community is global. Talented researchers and developers exist in every corner of the world. From São Paulo to Singapore, from Lagos to London, from Jaipur to Diyarbakir. Yet, barriers to participation remain: geographic limitations, lack of formal credentials, or simply not knowing where to start.
The OSS Bounty Program is our answer to this challenge.
Starting today, contributors can earn rewards for:
Bounty amounts vary by complexity and impact; each issue shows the reward upfront. Every contribution that makes our tools better deserves recognition.
We've designed the program to be straightforward:
bounty in our repositories
No formal applications. No gatekeeping. If you can ship quality code that improves our tools, you're in.
Over the past few years, we've seen incredible contributions from our community. Researchers have found and reported vulnerabilities. Developers have submitted patches that made Nuclei faster and more reliable. Community members have improved our documentation and templates.
Many of these contributions came from individuals who weren't part of any formal program; they simply cared about making security tools better.
We want to do more for these contributors. The OSS Bounty Program formalizes our commitment to recognizing and rewarding the people who help build ProjectDiscovery.
This program is built on a few core principles:
Transparency - Bounty amounts are clearly stated. Evaluation criteria are public. Decisions are explained.
Fairness - Anyone can participate, regardless of location, background, or credentials. Quality of contribution is what matters.
Respect - We value your time. We commit to timely reviews, clear communication, and prompt payment.
Community - This isn't transactional. We're building a community of contributors who share our mission of democratizing security.
The program currently covers our major open-source projects:
Additional repositories may be added over time. Look for the bounty label to identify eligible issues.
Ready to contribute? Here's how:
bounty label across our repositories
For security vulnerabilities, we maintain a separate responsible disclosure process. Please report security issues privately to [email protected] before any public disclosure. We're committed to working with researchers in good faith and will not pursue legal action against those who follow responsible disclosure practices.
Security bounties are evaluated based on severity, impact, and quality of the report. Critical vulnerabilities in our core tools can receive meaningful rewards.
Security shouldn't be a privilege. The best tools should be open. The best contributors should be rewarded, no matter where they come from.
If you believe in open-source security for everyone, we welcome you.
Happy Hacking!
The ProjectDiscovery Team