What is a Bug Bounty? And why are they becoming so popular lately?
In recent years, organizations have been launching error detection reward programs to identify and fix vulnerabilities in their applications. The Error Detection reward program allows ethical hackers to check whether an organization’s applications have security problems.
Bug Bounty programs allow independent security researchers to inform the company about vulnerabilities in its IT infrastructure and receive a decent reward for the information provided.
The terms of Bug Bounty programs may vary from organization to organization. For example, some companies may even declare an “open door season”, allowing ethical hackers to fully test the strength of the organization’s infrastructure. Or the verification can be limited to a separate application or page, and also specify what types of vulnerabilities researchers can test. For example, it is allowed to search for cross-site scripting vulnerabilities, but it is forbidden to use denial-of-service attacks.
After detecting a vulnerability, an ethical hacker sends a report to the organization, often this is done through a separate platform. Then the organization contacts the white hacker, checks for the vulnerability, fixes it and tests whether the fix works correctly. When all the checks are passed, the lucky bug hunter gets a well-deserved reward. The amount of remuneration usually depends on the degree of danger and the impact of the vulnerability in question.
Advantages of Bug Bounty programs
Bug Bounty programs are becoming increasingly popular among the public and private sectors. Participation in such programs gives the tested organizations a number of different advantages.