Bug Bounty
ELI5 — The Vibe Check
A bug bounty program pays ethical hackers to find security vulnerabilities in your product. Instead of paying a pentesting firm, you crowdsource security research. Researchers report bugs, you pay them a reward based on severity, and everyone wins — except the attackers who can no longer exploit your now-patched holes.
Real Talk
Bug bounty programs are public or private incentive programs where organizations pay security researchers for responsibly disclosed vulnerabilities. Platforms like HackerOne and Bugcrowd host programs. Rewards range from hundreds to millions of dollars depending on severity. Google, Microsoft, and Facebook run major programs.
When You'll Hear This
"Our bug bounty program paid out $50k last year for critical findings." / "Report it through HackerOne — we have a bug bounty program."
Related Terms
Exploit
An exploit is the actual tool or technique used to take advantage of a vulnerability.
Penetration Testing
Penetration testing (pentesting) is hiring ethical hackers to try to break into your own systems before the real bad guys do.
Security Audit
A security audit is a systematic review of your code, infrastructure, and processes to find security weaknesses.
Vulnerability
A vulnerability is a weakness in your code or system that a bad guy could exploit. Like a broken lock on a door.
Zero-Day
A zero-day is a vulnerability that nobody knows about yet — except the person who found it. The name means the vendor has had 'zero days' to fix it.