
bug bounty program

A bug bounty program, also called a vulnerability rewards program (VRP), is a crowdsourcing initiative that rewards individuals for discovering and reporting software bugs. Bug bounty programs are often initiated to supplement internal code audits and penetration tests as part of an organization's vulnerability management strategy.

Many software vendors and websites run bug bounty programs, paying out cash rewards to software security researchers and white hat hackers who report software vulnerabilities that have the potential to be exploited. Bug reports must document enough information for the organization offering the bounty to be able to reproduce the vulnerability. Typically, payment amounts are commensurate with the size of the organization, the difficulty in hacking the system and how much impact on users a bug might have.

Mozilla paid out a $3,000 flat rate bounty for bugs that fit its criteria, while Facebook has given out as much as $20,000 for a single bug report. Google paid Chrome operating system bug reporters a combined $700,000 in 2012 and Microsoft paid UK researcher James Forshaw $100,000 for an attack vulnerability in Windows 8.1. In 2016, Apple announced rewards that max out at $200,000 for a flaw in the iOS secure boot firmware components and up to $50,000 for execution of arbitrary code with kernel privileges or unauthorized iCloud access.

While the use of ethical hackers to find bugs can be very effective, such programs can also be controversial. To limit potential risk, some organizations are offering closed bug bounty programs that require an invitation. Apple, for example, has limited bug bounty participation to a few dozen researchers.

This was last updated in July 2017
