Date First Published: 25th October 2023
Topic: Cybersecurity
Subtopic: Security Mechanisms & Technologies
Article Type: Computer Terms & Definitions
Difficulty: Medium
Difficulty Level: 5/10
Learn about what a bug bounty is in this article.
A bug bounty is a reward offered by the owners of a system, computer program, or website, for discovering and reporting a security vulnerability, bug, or weakness. Bug bounties offer an incentive for users to identify security holes and vulnerabilities before they can be exploited by attackers, encouraging other users to help improve products. Websites, organisations, and developers may get hundreds of reports and those who correctly identify and report those bugs can receive financial rewards and recognition.
Bug bounty programs can vary, depending on the organisation. Some organisations offer open bug bounty programs, which allow anyone to sign up and test for any vulnerability or bug, whilst others offer closed bug bounty programs, which invite specific users to test for vulnerabilities and bugs. Although the use of ethical hackers to find bugs and vulnerabilities can be effective, these programs can be controversial because not all users have a trusted relationship with the provider, so programs may be offered to users on an invitation-only basis to limit risk.
The amount a bug bounty pays varies, depending on the owners of the system, computer program, or website offering the bounty, and the possible impact of the identified security hole or vulnerability. The amount paid for a bug bounty will often range from £100 to hundreds of thousands of pounds. Vulnerabilities discovered and exploited by an attacker can cause an organisation great financial loss, so the bounty paid for identifying a bug or vulnerability is often well spent.
Bug bounty programs have been implemented by a large number of organisations, including Google, Yahoo, Mozilla, Facebook, Reddit, and Microsoft. For example, Google launched bug bounty programs for its Chrome operating system and other applications. The company paid out more than 700,000 USD in over 700 different reward payments to those reporting bugs. Apple has one of the largest bug bounty offers around. Apple will pay out 100,000 USD if a user discovers vulnerabilities in iCloud or vulnerabilities that bypass a lock screen.