The software revolution brought many opportunities for programmers. The modern software industry is not just limited to development. The developed software or service might have backdoors or glitches. These can cause vulnerabilities that hackers use to their benefit by exploiting such services.
No matter how big a company is or how many expert engineers they have, there is always something that they won’t be able to notice. This is the reason many big companies and communities often launch bug bounties wherein anyone who reports a bug in their system is often rewarded or given recognition or sometimes both.Here we have compiled a list of some of the best bug bounties on the internet.
Google has been very open-minded and generous when it comes to finding bugs in their systems. This is the reason Google has its Vulnerability Reward Program. Under this program, all bugs and vulnerabilities under YouTube, google search and blogger are considered. Google likes to keep the bug finding domain a little broader and has hence included browser extensions apps and services that basically handle a lot of user data. This also includes several hardware devices like Google Home, Nest and OnHub. It is important to note that Google has several restrictions when it comes to finding bugs in companies recently acquired by Google and no reward shall be provided under several circumstances. Though apart from that Google is generally very generous and is often seen paying significant rewards to people who help improve their systems.
The social media giant also runs a bounty program where it rewards and provides recognition to people who can find security loopholes in its services. Facebook clearly mentions that only security vulnerabilities qualify for rewards and software bugs do not. Facebook pays a minimum of 500 USD for finding loopholes that can cause security or privacy issues, though this amount may vary upwards depending upon the level of bug reported.
1Password is one of the most secure password managers on the internet and it has a bug bounty program under which it rewards security researchers. Since the level of complexity is a little high on this one, 1Password has set up some instructions that can help you get a start. The rewards offered under this program been classified into 4 major groups based on priority from 100 to 5,000 dollars.
Avast, one of the most famous antivirus companies on the internet, understands the need for third person security testing and has hence launched its bug bounty program. Bugs falling under Remote Code Execution, Local Privilege Escalation and Denial of Service are considered critical though other unnamed bugs may also be considered. Avast pays a minimum of $400 for such bugs but the amount is highly variable depending upon the severity of the bug addressed.
The free and open source programs are communities and organizations that build and maintain open source software. You might not receive a reward for finding a bug in these systems but the recognition could really help your career.
The Apache foundation, very famous for its contribution in providing Free software especially its web server does not officially run a bug bounty program. But all security bugs are welcome and you can get recognition for your work in their forums.
CodeIgniter is one of the most famous PHP frameworks on the web and is used to power thousands of web applications. CodeIgniter accepts all bugs and fixes that you may find in its framework. Security issues about their website are also accepted but CodeIgniter majorly focuses on its framework. There is no reward here, but you do get recognition from the CodeIgniter community.
This one is the most interesting of all. The Internet Bug Bounty offers rewards and recognition to individuals who uncover security vulnerabilities in the core software that supports the internet. This includes various programming languages and server-side software, such as Python, Apache and Nginx servers, Perl, PHP, Django etc. This program is managed by HackerOne and is supported by companies like Facebook, Github, and Microsoft.These were some of the best and interesting bug bounties on the internet. You can see a collection of all bounties on this website. If you think we missed an interesting bounty that should have made it to the list, let us know in the comments section.
Mohd Sohail is a web developer and a Linux sysAdmin. He also loves to write how-to articles, applications reviews and loves to use new Linux distributions.