BUG BOUNTY is a reward (often monetary) offered by organizations to individuals (outside of the organization) who identify a bug / defect (especially those pertaining to security exploits and vulnerabilities) in a software / application.
Table of Contents
Elaboration
Many organizations (especially IT companies) offer attractive Bug Bounty programs to the public so as to solicit bug reports from them and drive product improvement.
And, you have a chance to win any of the following:
- MONEY (Ranging from as low as $50 to as high as $1,000,000)
- MATERIAL (Ranging from a cool T-Shirt to a million flyer miles)
- APPRECIATION (Ranging from a simple Thank You note to a fancy Medal)
If you think we’re just kidding about the million dollars, check out Apple’s Maximum Payout for Network attack without user interaction (Zero-click kernel code execution with persistence and kernel PAC bypass) below.
Bug Bounty Programs
For your convenience, we’ve listed some Bug Bounty programs offered by major organizations:
Organization | Bug Bounty Program | Minimum Payout | Maximum Payout |
---|---|---|---|
Apple | Apple Security Bounty ![]() |
$5,000 | $1,000,000 |
Microsoft | Microsoft Online Services Bounty Program ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() |
$500 | $20,000 |
Microsoft | Microsoft Bug Bounty Program ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() |
— | $250,000 |
Google Security Reward Programs ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() |
$100 | $1,000,000 | |
Samsung | Samsung Mobile Security Rewards Program ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() |
$200 | $200,000 |
AT&T | AT&T Bug Bounty Program ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() |
$50 | $2,000 |
Amazon | Amazon Vulnerability Research Program ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() |
$100 | $15,000 |
Verizon Media | Verizon Media Bug Bounty Program ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() |
$100 | $15,000 |
Facebook Bug Bounty ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() |
$500 | — | |
Intel Corporation | Intel Bug Bounty Program ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() |
$500 | $100,00 |
The Internet Bug Bounty | The Internet Bug Bounty ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() |
$500 |
Comprehensive Lists
Comprehensive lists of Bug Bounty Programs are available in the sites mentioned below:
- HackerOne: https://hackerone.com/bug-bounty-programs
- Bugcrowd: https://www.bugcrowd.com/bug-bounty-list/
.
So, what are you waiting for?
Not confident?
Relax, we have you covered: Master the ART & SCIENCE of SOFTWARE TESTING HERE.
.
Last Updated on September 6, 2020 by STF