Bug bounty programs

It is very popular among hackers to surf the internet in search of bugs across a wide variety of websites: manually, with scanners, using search engines, etc.

Why do hackers do this? Many years ago it was popular to find a bug and deface the site, or do some other kind of funny thing with a vulnerable application or website. Today, earning through a “bug bounty program” has become more popular, and so hackers try to earn money rather than take malicious actions against the target.

Hackers and penetration testers are more interested in reporting a bug so that they can get money, build up their reputation and reach higher positions in the ratings of many different platforms.

A bug bounty program is a deal offered by many websites and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to exploits and vulnerabilities. These programs allow the developers to discover and resolve bugs before the general public is aware of them, preventing incidents of widespread abuse. Bug bounty programs have been implemented by a large number of organizations, including Facebook, Mozilla, Microsoft, Google and many more.

The original “Bugs Bounty” program was the creation of Jarrett Ridlinghafer while working at Netscape Communications Corporation as a technical support engineer.

Netscape encouraged its employees to push themselves and do whatever it takes to get the job done and, in late 1995, Jarrett Ridlinghafer was inspired with the idea for, and coined the phrase, ‘Bugs Bounty’.

He recognized that Netscape had many enthusiasts and evangelists for their products, some of whom to him seemed even fanatical, particularly for the Mosaic/Netscape/Mozilla browser. He started to investigate the phenomenon in more detail and discovered that many of Netscape’s enthusiasts were actually software engineers who were fixing the product’s bugs on their own and publishing the fixes or workarounds:

  • in the news forums that had been set up by Netscape’s technical support department to enable “self-help through collaboration” (another one of Ridlinghafer’s ideas during his four-year stint at Netscape); or
  • on the unofficial “Netscape U-FAQ” website, where every known bug and feature of the browser was listed, as well as instructions regarding workarounds and fixes.

Ridlinghafer thought the company should leverage these resources and sat down and wrote out a proposal for the ‘Netscape Bugs Bounty Program’, which he presented to his manager who in turn suggested that Ridlinghafer present it at the next company executive team meeting.

The current and most popular platforms for bug hunting with reputation and payouts are:

  1. HackerOne
  2. BugCrowd
  3. Open Bug Bounty

In our future articles we will provide an overview of each platform and will also add more information about other available bug bounty programs, so stay tuned and subscribe to our updates via RSS or our Twitter.