Bugs in a website or a piece of software lead to vulnerabilities and exploits. Many websites and software developers offer bug bounty programs, also called vulnerability reward programs (VRPs), in which individuals (software security researchers and white hat hackers) get recognition and compensation for reporting these types of bugs. The main aim of these programs is to discover and resolve bugs before the public is aware of them, thereby preventing costly incidents. Many websites, such as Facebook, Google, Yahoo and Microsoft, have implemented these programs.
The program originated at Netscape Communications Corporation and was a huge success.
Bug reports must provide enough information for the organization offering the bounty to resolve the bug and the vulnerability it creates. Payment amounts differ depending on the size of the organization, the difficulty of hacking into the system and the impact of the bug on users.
Some Bug Bounty Programs:
Facebook White Hat Program:
Facebook has given as much as $20000 for reporting a single bug.
Google Vulnerability Reward Program:
Google paid $700000 to Chrome operating system bug reporters.
Mozilla Bug Bounty:
Mozilla paid $3000 for bugs that suit its criteria.
Microsoft – Online Services Bug Bounty Program:
Languages Used: ASP.NET
Payment Offered: Minimum $500 and no pre-determined maximum pay.
Microsoft paid $100000 for an attack vulnerability in Windows 8.1.
It is a good thing that bounty programs are gaining momentum day by day. With more and more security companies encouraging security research and promoting awareness among enthusiasts, cyber crime will hopefully come down.