A bug bounty program is a deal offered by many websites, organizations, and software developers by which individuals can receive recognition and compensation[1][2] for reporting bugs, especially those pertaining to security exploits and vulnerabilities.[3]
These programs allow the developers to discover and resolve bugs before the general public is aware of them, preventing incidents of widespread abuse and data breaches. Bug bounty programs have been implemented by a large number of organizations, including Mozilla,[4][5] Facebook,[6] Yahoo!,[7] Google,[8] Reddit,[9] Square,[10] Microsoft,[11][12] and the Internet Bug Bounty.[13]
Companies outside the technology industry, including traditionally conservative organizations like the United States Department of Defense, have started using bug bounty programs.[14] The Pentagon's use of bug bounty programs is part of a posture shift that has seen several US government agencies reverse course from threatening white hat hackers with legal recourse to inviting them to participate as part of a comprehensive vulnerability disclosure framework or policy.[15]
"The Hacker-Powered Security Report - Who are Hackers and Why Do They Hack p. 23" (PDF). HackerOne. 2017. Retrieved June 5, 2018.
Ding, Aaron Yi; De Jesus, Gianluca Limon; Janssen, Marijn (2019). "Ethical hacking for boosting IoT vulnerability management". Proceedings of the Eighth International Conference on Telecommunications and Remote Sensing. ICTRS '19. Rhodes, Greece: ACM Press. pp. 49–55. arXiv:1909.11166. doi:10.1145/3357767.3357774. ISBN 978-1-4503-7669-3. S2CID 202676146.
Weulen Kranenbarg, Marleen; Holt, Thomas J.; van der Ham, Jeroen (November 19, 2018). "Don't shoot the messenger! A criminological and computer science perspective on coordinated vulnerability disclosure". Crime Science. 7 (1): 16. doi:10.1186/s40163-018-0090-8. ISSN 2193-7680. S2CID 54080134.
"Mozilla Security Bug Bounty Program". Mozilla. Retrieved July 9, 2017.
"Yahoo! Bug Bounty Program". HackerOne. Retrieved March 11, 2014.
"Vulnerability Assessment Reward Program". Retrieved March 11, 2014.
"Reddit - whitehat". Reddit. Retrieved May 30, 2015.
"Square bug bounty program". HackerOne. Retrieved August 6, 2014.
"Microsoft Bounty Programs". Microsoft Bounty Programs. Security TechCenter. Archived from the original on November 21, 2013. Retrieved September 2, 2016.
HackerOne. "Bug Bounties - Open Source Bug Bounty Programs". Retrieved March 23, 2020.
"The Pentagon Opened up to Hackers - And Fixed Thousands of Bugs". Wired. November 10, 2017. Retrieved May 25, 2018.
"A Framework for a Vulnerability Disclosure Program for Online Systems". Cybersecurity Unit, Computer Crime & Intellectual Property Section Criminal Division U.S. Department of Justice. July 2017. Retrieved May 25, 2018.