Bug bounty programs are crowdsourcing initiatives that reward competent independent researchers for finding and reporting vulnerabilities or bugs in software programs and technologies. Bug bounty programs enable developers to discover and fix bugs before they become known to the general public, preventing widespread misuse. With the surge in global cybersecurity threats, bug bounty programs are a highly beneficial means of identifying vulnerabilities early in the process. Researchers get recognition and rewards for their work, and companies can rid their services of vulnerabilities and bugs: a win-win situation for both.
Here’s a list of the top bug bounties out there:
- About – Under Facebook’s Bug Bounty Program, individuals can identify and report the bugs present on Facebook, Instagram, Atlas, WhatsApp, and all the other platforms of Facebook.
- Minimum Pay – Facebook will reward a minimum of $500 for every vulnerability that is reported to them.
- Maximum Pay – No upper limit of payment has been set by Facebook.
- Bounty Link – https://www.facebook.com/whitehat/
- About – Microsoft’s Bug Bounty Program was launched on 23rd September 2014. This Bug Bounty only deals with Online Services and the bounty reward is only provided for critical vulnerabilities.
- Minimum Pay – Microsoft will pay at least $15,000 for the vulnerabilities reported to them.
- Maximum Pay – Reward earned from Microsoft’s Bug Bounty can be as much as $250,000.
- Bounty Link – https://technet.microsoft.com/en-us/library/dn425036.aspx
- About – Intel’s Bug Bounty Program is mainly targeted at the company’s firmware, software, and hardware. This program does not include third-party products, recent acquisitions, or the company’s web infrastructure.
- Minimum Pay – The company will pay a minimum of $500 for every vulnerability identified.
- Maximum Pay – The company will pay up to $30,000 for every critical vulnerability identified.
- Bounty Link – https://security-center.intel.com/BugBountyProgram.aspx
- About – When Apple’s Bug Bounty was launched, it consisted of only 24 researchers. Over time the framework kept expanding, and it now includes more bug bounty hunters. To be eligible for the bounty, the issue must occur on the latest publicly available versions of iOS, iPadOS, macOS, tvOS, or watchOS.
- Minimum Pay – No minimum pay has been fixed by Apple Inc.
- Maximum Pay – To date, the highest bug bounty awarded by Apple is $200,000, for security issues affecting its firmware.
- Bounty Link – https://support.apple.com/en-au/HT201220
- About – Google’s Bug Bounty Program has been operating continuously since November 2010. Content on any of the platforms operated by Google, such as google.com, blogger.com, and youtube.com, is open for the bounty. Any security issue that affects the confidentiality of user data is in scope for this program.
- Minimum Pay – A minimum of $300 will be paid for finding any security vulnerability.
- Maximum Pay – For normal Google applications, Google has paid the highest bounty of $31,337 to date.
- Bounty Link – https://www.google.com/about/appsecurity/reward-program/
- About – Twitter’s Bug Bounty Program started in May 2014. Any issue that affects the security of Twitter users is likely to be in scope for this program.
- Minimum Pay – A minimum of $140 will be paid under this bounty.
- Maximum Pay – The company will pay a maximum amount of $15,000.
- Bounty Link – https://support.twitter.com/articles/477159
- About – GitHub’s Bug Bounty has been operating since 2013. GitHub awards points to individuals who report vulnerabilities, and bounties are granted according to those points.
- Minimum Pay – The company pays a minimum of $200 for finding bugs.
- Maximum Pay – A maximum amount of $10,000 is awarded for finding critical bugs.
- Bounty Link – https://bounty.github.com/
- About – Dropbox’s bug bounty was started in October 2014. As of now, the following parts are eligible for the bug bounty: Android applications, the Dropbox web application, Dropbox iOS, bugs in Dropbox Paper, and the Dropbox Core SDK.
- Minimum Pay – $12,167 is the minimum amount paid by the company.
- Maximum Pay – $32,768 is the maximum amount offered by the company.
- Bounty Link – https://help.dropbox.com/accounts-billing/security/how-security-works
- About – Uber’s Bug Bounty Program was launched in December 2014. This bounty is primarily directed towards protecting the data of its employees and users.
- Minimum Pay – No minimum amount has been fixed by the company.
- Maximum Pay – The company will pay a bounty of $10,000 for critical bugs reported.
- Bounty Link – https://eng.uber.com/bug-bounty-map/
- About – The Bug Bounty Program of WordPress was launched in July 2016. All bounties are doubled if they are reported before the bug is released to the general public.
- Minimum Pay – A minimum amount of $150 has been set by the company for reporting bugs.
- Maximum Pay – No maximum limit has been set by the company.
- Bounty Link – https://make.wordpress.org/core/handbook/testing/reporting-bugs/
Bug bounty programs are a great initiative: researchers get recognition and rewards for their work, and companies can rid their services of vulnerabilities and bugs, a win-win situation for both. Check out the list, find which program suits you the most, and get to work.