What Are Bug Bounties & How Do They Work?
A bug bounty is a program run by a company or developer that pays hackers for finding and reporting bugs in its website or application. The arrangement benefits both sides: the company receives bug reports it can use to improve its security, and the hacker receives a reward in the form of money or goods.
A company that wants to start a bug bounty program first needs to define its scope: the domains and assets hackers are allowed to test, typically limited to those where testing will not disrupt day-to-day operations. It also sets aside a budget for the rewards offered when hackers find bugs in its products. The reward both compensates the hacker and signals that the company is serious about uncovering vulnerabilities in its products. Hackers who take part in a bug bounty program are called bug hunters, and they need to go through several steps before earning a reward. One of the best-known bug bounty platforms is HackerOne.
How the bug bounty works
- A researcher finds out that the company has opened a bug bounty program.
- The researcher tests the company's applications, staying within the program's scope.
- After finding a vulnerability, the researcher writes a report that explains:
  - what the bug is
  - the steps to reproduce the vulnerability
  - evidence of the finding (for example screenshots, the request and response, or a proof of concept)
  - the impact of the vulnerability if it were exploited
  - a suggested mitigation for closing the bug
- After the report is sent to the relevant parties, the company triages it and confirms whether it is valid. If it is valid, the company pays a reward (the bug bounty) according to the severity of the vulnerability.
Below are some bug bounty platforms