Registrar.gov: Bug Bounty Program

This is the .gov registrar, where .gov domains are managed.

  • $100 – $3,500 per vulnerability
  • Partial safe harbor
Submit report

Program stats

  • Vulnerabilities rewarded 3
  • Validation within 1 day 75% of submissions are accepted or rejected within 1 day

Latest hall of famers

View the hall

Recently joined this program

146 total

Bug Bounty Program Scope:

Below is a list of in-scope and out-of-scope servers and websites, and a list of eligible and ineligible vulnerabilities to help guide your research. If you are unsure whether a service or vulnerability will qualify you for a bounty or not, feel free to ask support@bugcrowd.com.

Scope and rewards

Program rules

This program follows Bugcrowd’s standard disclosure terms.

For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please email support@bugcrowd.com. We will address your issue as soon as possible.

This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.