CompTIA CySA+ CS0-003: Bug bounty

A bug bounty is a program that invites outside individuals to find and report bugs, usually security vulnerabilities, in exchange for recognition and payment. Programs that reward reports of exploitable vulnerabilities are now common: platforms such as HackerOne host programs on behalf of many organizations, and most large technology companies run their own program page describing what is in scope and what they will pay for a valid report. The participants are white hat (ethical) hackers who follow the program's rules while hunting for vulnerabilities in the organization's public-facing systems and report what they find to the system owner, typically through the program, in return for a reward. The rules matter: a program's scope, rules of engagement and safe-harbor statement are what separate authorized bounty research from unauthorized testing.

Bug bounties are valuable because an organization can draw on the current knowledge and expertise of researchers who keep up with the latest vulnerability classes and techniques. The researchers also come from many different backgrounds, so they bring a wider range of skills and viewpoints than a single in-house team, and the model is cost effective because the organization pays only for valid findings rather than hiring them full time. Bug bounties complement penetration testing rather than replace it: a penetration test is a scoped engagement at a point in time, while a bounty program gives continuous testing of production systems by a broad pool of researchers. To get value from a program, the organization needs a clearly defined scope, a reward schedule, and a triage process that can validate, deduplicate and route incoming reports, since a program that cannot respond to reports quickly loses researchers' interest.