Bug Bounty Program

A Bug Bounty Program (BBP), also referred to as a vulnerability rewards program, is a crowdsourcing initiative offered by websites, organizations, and software developers that rewards individuals for discovering and reporting software bugs. Individuals who discover bugs can receive recognition and even compensation, especially those who report security exploits or vulnerabilities.

The purpose of a bug bounty program is to allow developers to resolve bugs before the general public is aware of them and to supplement internal code audits and penetration tests. Well-known companies such as Mozilla, Facebook, Google, and Microsoft have implemented BBPs. A bug report must document enough information in order for the program to be able to reproduce the vulnerability. The amount of compensation paid depends on the size of the organization, difficulty in hacking the system, and how much impact the bug has.

A BBP uses ethical hacking, which is the legal hacking of a computer system to identify areas where organizations can improve. Companies such as the United States Department of Defense and other government agencies have started using BBPs. This is a reversal from previously threatening ethical hackers with legal recourse to now inviting them to participate.

Bug bounty program disadvantages

While bug bounties can be effective, they can also be controversial. While most companies complete a full background check on the testers they allow into their program, the issue of trust still arises. To limit potential risk, some organizations have BBPs that require an invitation. Apple has limited bug bounty participation to a few dozen researchers.

A large disadvantage is the lack of relationship BBP testers have with a company. They do not partner with a company over time, so results are not tailored to match the company’s security initiatives or level of risk.

Webopedia Staff
Webopedia Staff
Since 1995, more than 100 tech experts and researchers have kept Webopedia’s definitions, articles, and study guides up to date. For more information on current editorial staff, please visit our About page.

Top Articles

List of Windows Operating System Versions & History [In Order]

The Windows operating system (Windows OS) refers to a family of operating systems developed by Microsoft Corporation. We look at the history of Windows...

How to Create a Website Shortcut on Your Desktop

Website Shortcut on Your Desktop reviewed by Web Webster   This Webopedia guide will show you how to create a website shortcut on your desktop using...

What are the Five Generations of Computers? (1st to 5th)

Reviewed by Web Webster Each generation of computer has brought significant advances in speed and power to computing tasks. Learn about each of the...

Hotmail [Outlook] Email Accounts

Launched in 1996, Hotmail was one of the first public webmail services that could be accessed from any web browser. At its peak in...

Document Management System

A document management system is an automated software solution businesses and organizations use...

Conti Ransomware

Conti ransomware first emerged in 2020. It uses a ransomware as a service...

Crypt888 Ransomware

Crypt888, also known as Mircop, is ransomware that encrypts files on desktops, downloads,...