What is a bug bounty program?
A bug bounty program is an initiative taken by an organization to reward the people who identify bugs and report them to the organization. A bug bounty program, also known as a vulnerability rewards program (VRP), is a straightforward arrangement in which an individual reports software bugs to the website and in return receives a reward. Bug bounty programs are often initiated to supplement internal code audits and penetration tests as part of an organization's vulnerability management strategy.
Many well-known websites and web vendors use the ethical method of a bug bounty to find software vulnerabilities that are at risk of being exploited. The report submitted about the bug must contain solid evidence demonstrating the vulnerability and the threat the bug poses to the website. After receiving sufficient proof, the company pays the white hat hackers and security experts for their work. The payment is made according to the difficulty of compromising the system, how much impact the bug might have on users and, most importantly, the size of the organization.
Global initiatives in the field of bug bounty programs
Bug bounty programs are used by top-notch websites including Mozilla, Facebook, Yahoo!, Google, Reddit, Square, and Microsoft. White hat hackers and security experts around the world participate in these programs to remove bugs. India stands second in the world in bug hunting and tops the Facebook bug bounty program, having reported some really impactful bugs.
According to a Facebook post, "India contributed the largest number of valid bugs at 136, with an average reward of $1,353. The USA reported 92 issues and averaged $2,272 in rewards. Brazil and the UK were third and fourth by volume, with 53 bugs and 40 bugs, respectively, and average rewards of $3,792 and $2,950".
Some interesting bug bounty programs to date:
1. FACEBOOK WHITEHAT PROGRAM
The biggest social media platform in the world, Facebook protects the personal information of its users and allows ethical white hat hackers to identify bugs. The security researcher needs to identify a logical bug and report it to the Facebook bug team, which will then examine it. In this program, a researcher can earn a minimum of $500 USD, with no limit on the maximum earning.
2. GOOGLE VULNERABILITY REWARD PROGRAM (VRP)
Google, the biggest web portal, is constantly exposed to numerous vulnerabilities and risks. The Google VRP focuses mainly on vulnerabilities such as SQLi, XSS, CSRF and remote code execution. Researchers who find these bugs receive a reward of $100 USD to $20000 USD and also get a place on the wall of fame in the Google office.
3. YAHOO BUG BOUNTY PROGRAM
Yahoo has a team of security experts that always accepts valuable information about bugs from researchers. The bugs must relate to Yahoo or Flickr to earn a reward from Yahoo. Yahoo rewards between $50 and $15000 USD to the person who finds bugs for them. Yahoo's bug bounty program normally revolves around vulnerabilities such as SQLi, XSS, CSRF, directory traversal, remote code execution, information disclosure and content spoofing.