(ISC)² has run a public bounty offering Kudos points and potential CPE credits for nearly two years. Read their full bounty program brief here.


Earn CPE Credits for Bug Hunting:



(ISC)² is an international, nonprofit membership association for information security leaders like you. We’re committed to helping our members learn, grow and thrive. More than 125,000 certified members strong, we empower professionals who touch every aspect of information security. Visit www.isc2.org for more information.

Our vision is supported by our commitment to educate and reach the general public through our charitable foundation – The Center for Cyber Safety and Education ™ Follow us on Twitter or connect with us on Facebook.

To maintain their certification (ISC)² members need to engage in eligible “continuing professional experience” activities, which now including bug bounty participation.

Here’s how it works:

  • Sign up to join the Bugcrowd security researchers.
  • Find a bug in one of our bounties and submit it to us.
  • If you hold a CISSP, CSSLP, SSCP, CSSLP, CAP or CCSP holder enter your (ISC)² member number and the approximate time spent finding the bug in the bug submission form.
  • The time spent on any submission which is valid and doesn’t result in a payment (i.e. any charity bounty, and non-first valid findings in a paid bounty) is a valid CPE activity.
  • If your submission is valid then, at the end of each month, we’ll submit your contribution for that month to the (ISC)².


Empower Your Security Team With a Crowd of White Hat Hackers to Find and Fix Vulnerabilities in Your Code Before the Bad Guys Do.