Corporations, both large and small, are increasingly sinking resources into perfecting the online and offline security of their data. In this age, where data is the new gold, organisations are taking care not to let data leak, because a data breach signals their inability to protect themselves from security threats.
A bug is an error, flaw or fault in a computer program or system which causes it to produce an incorrect or unexpected result, or to behave in unintended ways. Bugs lead to huge losses in infrastructure, finances and reputation. For example, the Mars Climate Orbiter, which was launched in 1998, crashed onto the Martian surface due to a bug. A subcontractor, who designed the navigation system, used Imperial units of measurement instead of the metric system specified by NASA, leading to the orbiter crashing. The famous Y2K bug led the entire world to believe that entire systems would come crashing down, because of the belief that the time on computers would reset to the year 1900 instead of 2000 after the year 1999.
There are many bugs like these, some harmless, some which cause considerable harm. Bugs like these can be exploited by anyone with malicious intent, and corporations are trying to counter this by offering bounties for bugs which are reported. A bug bounty program is a deal offered by many websites, organizations and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to exploits and vulnerabilities.
Let us have a look at five famous companies with bug bounty programs.
1. Google
It is no surprise that Google is on the list, given the amount of user data and confidential information to which it has access, considering most of the world uses Google’s products or services in one way or another. Google currently offers six reward programs, which are:
Google Vulnerability Reward Program (VRP)
Patch Reward Program
Vulnerability Research Grants
Chrome Reward Program
Android Reward Program
Google Play Security Reward Program
Google offers rewards ranging from $500 to one million dollars, depending on the severity of the bug.
2. Facebook
The social networking platform, which also owns WhatsApp and Instagram, has access to large amounts of its users' private information. The recent Facebook security breach saw founder and Chief Executive Officer (CEO) Mark Zuckerberg sit in front of an American congressional panel to address the concerns of the government and the public. A Brazilian engineer was paid a bounty of $33,500 for reporting a bug which showcased vulnerabilities that would allow anyone to read arbitrary files on a web server.
3. Microsoft
One of the world’s largest corporations, Microsoft has a bug bounty program called the Researcher Recognition Program. It allows white hat hackers (ethical hackers) to report bugs on all of Microsoft’s services and products. Microsoft offers up to $300,000, depending on the type and nature of the bug.
4. Apple
In a bid to compete with Google Maps, Apple released its own version of Maps, called Apple Maps. The utility this application provided was, however, nowhere close to that provided by Google Maps. There was a bug which left motorists stranded in the middle of nowhere in Australia. The motorists, who were supposed to go to the town of Mildura, were instead led to a location 45 miles away from the town, in a remote national park. Since then, Apple has taken up a bug bounty program, which lets white hat hackers and its users report bugs in return for rewards. At a recent Black Hat Briefings conference, Apple announced it would increase its rewards to one million dollars. Apple offers its rewards through its Apple Security Bounty program, available on its website.
5. PayPal
PayPal offers rewards through its program called the PayPal Bug Bounty Program, which allows users or hackers to report bugs on its domains like PayPal, Braintree, Paydiant, Venmo and Xoom. PayPal currently offers bounties ranging from $50 to $30,000.
There are many other companies and corporations as well which have a bug bounty program in some form or the other in order to protect their security interests. These programs also attract hackers to test their skills in order to gain recognition from their peers. Even the American Pentagon has a bug bounty program, which goes on to show the importance of security of data in this day and age.