Did you know that hackers can use their skills to make a living as freelancers? Yes, it's possible through various bug bounty programs. All major tech giants have bounty programs to improve their application and database security.
What is a bug bounty program?
A bug bounty program is a deal offered by tech companies by which hackers can receive recognition and compensation for reporting bugs, especially those pertaining to exploits and vulnerabilities. These programs allow developers to discover and resolve bugs before the general public is aware of them, preventing incidents of widespread abuse. Now, let's look at the top 10 bug bounty programs.
Top 10 bug bounty programs
- Apple: When Apple first launched its bug bounty program, it allowed only 24 security researchers, but the framework later expanded to include more bug bounty hunters. There is no fixed limit on the amount, and the company is willing to pay US$100,000 to those who can extract data protected by Apple's Secure Enclave technology. The highest bounty given reached US$200,000 for security issues affecting its firmware.
- Microsoft: Officially launched on September 23, 2014, Microsoft's current bug bounty program deals only with Online Services. Unfortunately, the bounty reward is given only for critical and important vulnerabilities and nothing more. The minimum payout is US$15,000 for critical bugs, and the maximum can be US$250,000.
- Facebook Whitehat: Users can report a security issue on Facebook, Instagram, Atlas, or WhatsApp under Facebook's bug bounty program. However, there are some security issues that the social networking platform considers out of bounds. There is no fixed upper limit on the payout, but US$500 is the minimum for a disclosed vulnerability.
- Google Vulnerability Reward Program: All the content in Google, YouTube, and Blogger is open to the vulnerability reward program. However, this bounty program covers design and implementation issues only. Google will pay a minimum of US$100 and a maximum of US$31,337, depending on how critical the bug is.
- Intel: Intel's bounty program mainly targets the company's hardware, firmware, and software. Unfortunately, it does not include recent acquisitions, the company's web infrastructure, third-party products, or anything relating to McAfee. The maximum payout that Intel offers is US$30,000 for detecting critical bugs, and the minimum is US$500 for bugs in its system.
- Twitter: Twitter allows ethical hackers and security researchers to report possible security vulnerabilities and encourages people to find bugs in its services. The minimum payout is US$140 and the maximum bounty is US$15,000.
- Avast: The Avast bounty program rewards ethical hackers and security researchers for reporting remote code execution, local privilege escalation, DoS, and scanner bypass. The minimum payout is US$400 and the maximum is US$10,000.
- Yahoo: Yahoo set up a team dedicated to accepting vulnerability reports from security researchers and ethical hackers. Yahoo can pay up to US$15,000 for detecting important bugs in its system; however, the company does not offer any reward for finding bugs in yahoo.net, Yahoo7, Yahoo Japan, Onwander, and Yahoo-operated WordPress blogs. Yahoo also sets no minimum payout.
- Mozilla: Ethical hackers and security researchers can be rewarded when they discover vulnerabilities, but the bounty is only offered for bugs in Mozilla services, like Firefox, Thunderbird, and other related applications and services. The minimum payout is US$500 and the maximum is US$5,000.
- GitHub: GitHub has had its own bug bounty program since 2013. Every successful participant earns points for their vulnerability submissions depending on the severity. However, a security researcher will receive the bounty only if they respect users' data and do not exploit the issue in a way that could harm the integrity of GitHub's services or information. US$200 is the minimum payout that GitHub gives, and US$1,000 is the maximum payout for finding critical bugs.