What is Bug Bounty?
Bug Bounty, an American concept initiated in 1994, is a collaboration-based alternative to the usual audits.
A Bug Bounty is a reward that a company offers to all those who find vulnerabilities in a given and authorized scope. That scope can be a website, an application, an API, etc.
It is up to the company to determine which services people are going to be able to explore, looking for security vulnerabilities. There are some rules to respect and each Bug Bounty must clearly state the limits that hackers must not go over.
A reward is offered according to the importance and severity of the vulnerabilities found in the system.
The amount of the rewards is quite variable: it depends on the kind of vulnerability found and its associated rating.
The more critical and complex the vulnerability, and the better documented it is, with, if possible, a PoC (Proof of Concept), recommendations and even a patch, the greater the reward will be.
It is an ever-growing concept that represents a simple, flexible and less expensive solution for companies.
Why Bug Bounty?
It is fast to launch, guarantees results, and is transparent and free if no vulnerability is found.
Thanks to Bug Bounty, companies’ security systems are constantly tested by a team of ethical hackers who deliver rich and varied feedback.
With an efficient Bug Bounty program, a company can have the security of its website or tools tested non-stop, 24 hours a day, by hundreds of different hackers, at a much lower cost than traditional audits.
This is the strength of Bug Bounty.
Our Bug Bounty learning and training platforms are offered in collaboration with our partner Yes We Hack.