An ethical hacker is a skilled computer expert who uses their technical knowledge to find and resolve security problems in websites and applications. They solve problems based on their skills and practical research. Did you know that hackers can use this skill to make a living as a freelancer? Yes, it's possible through various bug bounty programs. All major tech giants run bounty programs to improve their application and database security.
What is a bug bounty program?
A bug bounty program is a deal offered by tech companies under which hackers can receive recognition and compensation for reporting bugs, especially those pertaining to exploits and vulnerabilities. These programs allow developers to discover and resolve bugs before the general public is aware of them, preventing incidents of widespread abuse. Now, let's look at the top 10 bug bounty programs.
Top 10 bug bounty programs
1. Apple
When Apple first launched its bug bounty program, it admitted only 24 security researchers; the program later expanded to include more bug bounty hunters. There is no fixed limit on the amount, and the company is willing to pay US$100,000 to those who can extract data protected by Apple's Secure Enclave technology. The highest bounty given reached US$200,000, for security issues affecting its firmware. Bounty Link: https://support.apple.com/en-au/HT201220
2. Microsoft
Officially launched on September 23, 2014, Microsoft's current bug bounty program deals only with Online Services. Unfortunately, the bounty reward is given only for critical and important vulnerabilities and nothing more. The minimum payout is US$15,000 for critical bugs, and the maximum can be US$250,000. Bounty Link: https://technet.microsoft.com/en-us/library/dn425036.aspx
3. Facebook Whitehat
Users can report a security issue on Facebook, Instagram, Atlas or WhatsApp under Facebook's bug bounty program. However, there are some security issues that the social networking platform considers out of bounds. There is no fixed upper limit for the payout, but US$500 is the minimum for a disclosed vulnerability. Bounty Link: https://www.facebook.com/whitehat/
4. Google Vulnerability Reward Program
All content on Google, YouTube and Blogger is open to the vulnerability reward program. However, this bounty program covers design and implementation issues only. Google will pay a minimum of US$100 and a maximum of US$31,337, depending on how critical the bug is. Bounty Link: https://www.google.com/about/appsecurity/reward-program/
5. Intel
Intel's bounty program mainly targets the company's hardware, firmware, and software. Unfortunately, it does not include recent acquisitions, the company's web infrastructure, third-party products, or anything relating to McAfee. The maximum payout that Intel offers is US$30,000 for detecting critical bugs, and the minimum is US$500 for bugs in its system. Bounty Link: https://security-center.intel.com/BugBountyProgram.aspx
6. Twitter
Twitter allows ethical hackers and security researchers to report possible security vulnerabilities and encourages people to find bugs in its services. The minimum payout is US$140 and the maximum is US$15,000. Bounty Link: https://support.twitter.com/articles/477159
7. Avast
Avast's bounty program rewards ethical hackers and security researchers who report remote code execution, local privilege escalation, DoS, and scanner bypass. The minimum payout is US$400 and the maximum is US$10,000. Bounty Link: https://www.avast.com/bug-bounty
8. Yahoo
Yahoo set up a team dedicated to accepting vulnerability reports from security researchers and ethical hackers. Yahoo can pay up to US$15,000 for detecting important bugs in its systems; however, the company does not offer any reward for finding bugs in yahoo.net, Yahoo7, Yahoo Japan, Onwander and Yahoo-operated WordPress blogs. Yahoo has also set no limit for the minimum payout. Bounty Link: https://hackerone.com/yahoo
9. Mozilla
Ethical hackers and security researchers can be rewarded when they discover vulnerabilities. However, the bounty is offered only for bugs in Mozilla services, such as Firefox, Thunderbird and other related applications and services. The minimum payout is US$500 and the maximum is $5,000. Bounty Link: https://www.mozilla.org/en-US/security/bug-bounty/
10. GitHub
GitHub has had its own bug bounty program since 2013. Every successful participant earns points for their vulnerability submissions, depending on the severity. However, a security researcher will receive the bounty only if they respect users' data and do not exploit the issue in a way that could harm the integrity of GitHub's services or information. US$200 is the minimum payout that GitHub will give, and US$1000 is the maximum payout, for finding critical bugs. Bounty Link: https://bounty.github.com