Bug bounties are run by businesses to find flaws and vulnerabilities in their applications and systems. Hired professionals and members of the public can participate in a bug bounty program to find bugs and earn money for the vulnerabilities they report.

Bug Bounties Program and Policies

A bug bounty is a program run by different businesses to find flaws and vulnerabilities affecting the product and its end users. Bugs vary in severity. For example, a bug may be classified as critical, meaning there is a high risk associated with it: a critical bug can affect the confidentiality, integrity, and availability of the product and of the end users relying on it. A lower-severity vulnerability may be classified as minor, meaning there is low risk associated with it; for example, a low-risk bug could be a visual error in how an application displays its content. Bug bounties are less expensive to run than dealing with a data breach and the multiple lawsuits that follow it. Therefore, companies should invest in bug bounty programs to prevent monetary loss and to have outside researchers look for vulnerabilities in a system that the internal team has missed.

