What is a Bug Bounty Program?
Bugs in a website or software lead to vulnerabilities and exploits. Many websites and software developers offer bug bounty programs, also called vulnerability reward programs (VRPs), in which individuals (software security researchers and white hat hackers) receive recognition and compensation for reporting these types of bugs. The main aim of these programs is to discover and resolve bugs before the public is aware of them, thereby preventing costly incidents. Many websites like Facebook, Google, Yahoo and Microsoft have implemented these programs.
The bug bounty program originated at Netscape Communications Corporation and was a huge success.
Bug reports must provide enough information for the organization offering the bounty to resolve the bug and the vulnerability behind it. Payment amounts differ depending on the size of the organization, the difficulty of hacking into the system and the impact of the bug on users.
Some Bug Bounty Programs:
Facebook White Hat Program:
Payment Offered: Minimum of $500 USD and no predetermined maximum pay.
Facebook has given as much as $20,000 for reporting a single bug.
Google Vulnerability Reward Program:
Payment Offered: Minimum of $100 USD and no predetermined maximum pay.
Google paid $700,000 to Chrome operating system bug reporters.
Mozilla Bug Bounty:
Payment Offered: Minimum of $500 USD, maximum of $3,000 USD.
Mozilla paid $3,000 for bugs that suit its criteria.
Microsoft Online Services Bug Bounty Program:
Languages Used: ASP.NET
Payment Offered: Minimum of $500 and no predetermined maximum pay.
Microsoft paid $100,000 for an attack vulnerability in Windows 8.1.
Along with these, there are many other programs, such as the Apple, Avast, WordPress and GitHub bounty programs, that offer payment for reporting bugs. Recently Zomato, India's largest restaurant and food delivery app, also showed interest in these programs after going through a security breach.
It's good that bounty programs are gaining momentum day by day. With more and more security companies encouraging security research and promoting awareness among enthusiasts, cyber crime will hopefully come down.
Image Credits @ tripwire.com