bug bounty program

Part of the Application security glossary:

A bug bounty program, also called a hacker bounty program or vulnerability rewards program (VRP), is a crowdsourcing initiative in which an organization offers a monetary reward to individuals who find a software bug and report it to that organization.

Many software vendors and web sites run bug bounty programs, often paying cash rewards to software security researchers and white hat hackers for discovering and reporting software vulnerabilities that could be exploited. Bug reports must document enough information for the organization offering the bounty to be able to reproduce the vulnerability. Bug bounty programs are often initiated to supplement internal code audits and penetration tests as part of a vulnerability management strategy.

Most companies offer bounties on a sliding scale based on the size of the organization and how much impact a bug might have on users. For example, Mozilla pays a $3,000 flat-rate bounty for bugs that fit its criteria, while Facebook has paid as much as $20,000 for a single bug report. Google paid Chrome operating system bug reporters a combined $700,000 in 2012, and in one of the biggest recent bounties, Microsoft paid UK researcher James Forshaw $100,000 for an attack vulnerability in Windows 8.1.

This was last updated in October 2013
Contributor(s): Matthew Haughn
Posted by: Margaret Rouse
