35 lines
1.0 KiB
Markdown
35 lines
1.0 KiB
Markdown
---
|
|
title: Bug Bounties
|
|
---
|
|
|
|
## Bug Bounties
|
|
|
|
Bug bounties are programs that are set up by companies to encourage people to check their products for vulnerabilities. In return these companies offer rewards for reporting the discovered vulnerabilities.
|
|
|
|
### Benefits to bounty hunters
|
|
|
|
The benefits to the bounty hunters are fairly straightforward. They get paid for what they find and get to improve their skills
|
|
|
|
### Benefits to companies
|
|
|
|
The companies that sponsor these programs gain several benefits:
|
|
|
|
- Many eyes on their product are more likely to find more bugs than the typical QA team
|
|
- Only have to pay for results, not for the time spent trying to find bugs
|
|
- Encourages people who find vulnerabilties to turn them over to the company and not to the black market.
|
|
|
|
### Notable companies and organizations that offer bug bounties
|
|
|
|
- Cisco
|
|
- Facebook
|
|
- Github
|
|
- Google
|
|
- Instagram
|
|
- Mastercard
|
|
- Microsoft
|
|
- Paypal
|
|
- Twitter
|
|
- Uber
|
|
|
|
A more comprehensive list can be found at the Bugcrowd's Bug Bounty List - https://www.bugcrowd.com/bug-bounty-list/
|