A bug is any problem or error. Suppose you create an application and something is wrong with it; in computer science, such faults are called bugs. The bounty is the reward. Suppose you find a bug in the program or system of an organization such as Facebook, Google, Yahoo or Twitter that exposes a security vulnerability in that organization. You report the vulnerability; once they have verified it and confirmed that the bug you reported is real, they will be happy with your work and pay you an amount as a bounty reward. Depending on the company, the reward for a single bug can be more than 50,000 if the security bug poses a serious enough cyber threat to the company. This whole system is called bug bounty.
Bug bounty is a very common and well-known term in countries like the United States, Russia, India, Pakistan and the United Kingdom. Even our neighbor India is at the forefront of ethical hacking and bug bounty. In our country, however, it is still new, and most people still consider hacking a crime. But there are many good hackers who work hard to make the Internet a safer place for ordinary users. We call them ethical hackers and, in some cases, bug bounty hunters.
Only a hacker can think like a hacker. So, when it comes to being hacker-proof, you may have to go to a hacker. As we have said, there are good hackers who work hard to make the internet a safe place, yet there are also many hackers who are responsible for big historical cyber attacks and data breaches. In a data breach, companies face huge financial losses, which can lead to huge business losses.
According to the Ponemon Institute, data breaches in cyber attacks result in a 36% loss of business customer confidence. That's the equivalent of 1.44 million. The more customers a company loses to a data breach, the more it suffers financially. A company spends 2.8 million on a data breach if it loses less than 1% of its customers. If the company loses more than 4% of its customers, the financial loss from the breach is 5.6 million, which is 45% more than the average.
Popular bug bounty platforms
There are some companies that have created several platforms to manage hackers and bug bounty programs. There are two types of bug bounty platforms:
Public Platform - Anyone can join and test.
Invite Only Platform - Only invited hackers or qualified hackers can join.
Some of the largest and most popular public bug bounty platforms are:
HackerOne (http://hackerone.com/)
Bugcrowd (https://bugcrowd.com/)
Intigriti (https://intigriti.com/)
SafeHats (https://safehats.com/)
Federacy (https://federacy.com/)
The popular invite only platforms are:
Synack (https://synack.com/red-team/)
Zerocopter (https://www.zerocopter.com/researchers)
Yogosha (https://yogosha.com/researchers/)
There are several types of bug bounty programs:
Public Programs
Private Programs
Self Hosted External Programs
Public Programs: Public bug bounty programs are publicly available to all bug bounty hunters and do not require an invitation to test. For example, Twitter's bug bounty program is a public program whose testing policy is at https://hackerone.com/twitter
Private Programs: Private programs are open only to a select few bounty hunters who are invited to the program, so an invite is required to test a private program. The advantage of private programs is that very few bounty hunters are invited to them, so they are likely to have a good number of security vulnerabilities.
Self-Hosted External Programs: Many organizations manage their bug bounty program from their own site or platform. We can call these self-hosted or external bug bounty programs. Google, for example, has its own bug bounty program at https://bughunter.withgoogle.com/ where you can see their goodwill reporting form and policy link. You can use the Google dorks below to find external programs:
inurl:responsible-disclosure
inurl:bug-bounty
inurl:security-disclosure
inurl:vulnerability-disclosure
Note: Many people think that after finding the bug in the hacking, I will tell them one thing later. I will google them and find out how the hackers hack.