37 lines
1.5 KiB
Markdown
37 lines
1.5 KiB
Markdown
---
|
|
title: Bug Bounties
|
|
---
|
|
|
|
## Bug Bounties
|
|
Bug bounties are programs that are set up by companies to encourage people to check their products for vulnerabilities. In return these companies offer rewards for reporting the discovered vulnerabilities.
|
|
|
|
### Benefits to bounty hunters
|
|
The benefits to the bounty hunters are fairly straightforward. They get paid for what they find and get to improve their skills
|
|
|
|
### Benefits to companies
|
|
The companies that sponsor these programs gain several benefits:
|
|
|
|
- Many eyes on their product are more likely to find more bugs than the typical QA team
|
|
- Only have to pay for results, not for the time spent trying to find bugs
|
|
- Encourages people who find vulnerabilties to turn them over to the company and not to the black market.
|
|
|
|
### Notable companies and organizations that offer bug bounties
|
|
- Cisco
|
|
- Facebook
|
|
- Github
|
|
- Google
|
|
- Instagram
|
|
- Mastercard
|
|
- Microsoft
|
|
- Paypal
|
|
- Twitter
|
|
- Uber
|
|
|
|
A more comprehensive list can be found at the Bugcrowd's Bug Bounty List - https://www.bugcrowd.com/bug-bounty-list/
|
|
|
|
#### More Information
|
|
* [Facebook Awards Server-Crushing Hacker With Its Biggest Ever Bounty on Forbes](http://fortune.com/2017/01/19/facebook-hacker-bug-bounty/)
|
|
* [Bug Bounties on Wikipedia](https://en.wikipedia.org/wiki/Bug_bounty_program)
|
|
* [Bugcrowd bug bounty List](https://www.bugcrowd.com/bug-bounty-list/)
|
|
* [Hackerone list of bug bounty programs](https://hackerone.com/bug-bounty-programs)
|
|
* [github bug bounty](https://bounty.github.com/) |