A bug bounty program is a deal offered by many websites and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to exploits and vulnerabilities. Bug bounty program originally welcomed just two dozen security researchers who had previously reported vulnerabilities in the tech giant’s software. Each of them has earned points for their vulnerability submissions depending on a flaw’s severity. Researchers can receive expected between $200 and $500,000 or more as a reward. Security impact of each vulnerability disclosed to it by taking into account multiplying factors, such as scale of exposure and sensitive of user data exposed, and whether factors like user interaction or physical access limits the severity of the flaw. But they’ll receive that bounty only if they respect users’ data and don’t exploit any issue to produce an attack that could harm Numerous organisations and even some government, semi-government and private entities have launched their own vulnerability reward programs (VRPs).
I think it’s time for an updated list :
I’m an Entrepreneur, Freelance Security Consultant, Bug Hunter having years of experience with a deep interest in InfoSec Industry. I love to speak and write about web and mobile application pen-testing, bug bounty. You can reach me at