Overview

Bug bounty programs allow organizations to leverage the collective skills of thousands of security researchers worldwide. They are often managed through platforms like HackerOne or Bugcrowd.

How it Works

  1. The organization defines the scope and the reward levels (usually based on the severity of the vulnerability).
  2. Researchers find and report bugs through the platform.
  3. The organization validates the report and pays the bounty.

Benefits

  • Continuous security testing by a diverse group of experts.
  • Cost-effective compared to hiring a full-time team of the same scale.
  • Identifies vulnerabilities that automated tools and traditional pentests might miss.
