Bug Bounty Programs

A Bug Bounty Program is a deal offered by many websites, organizations, and software developers under which individuals can receive recognition and monetary payment for reporting bugs or vulnerabilities in a vendor's product offerings. Products can be hardware, software, services, or websites.

These Bug Bounty programs seek the responsible disclosure of critical bugs to the vendor of said software. Responsible disclosure means the vendor is given a reasonable time frame within which to address and fix the vulnerability or bug before the security researcher can release their findings to the public. In most cases the vendor and security researcher work hand in hand to validate that the fixes actually work, and then, once a patch is released and the vendor's clients are properly secured, the security researcher may release the details of their work.

Google, Facebook and Reddit are examples of organizations that have used such programs to help secure their software.

Source: HackerOne

