Wikipedia

Bug bounty program

A bug bounty program is a deal offered by many websites, organizations, and software developers by which individuals can receive recognition and compensation[1][2] for reporting bugs, especially those pertaining to security exploits and vulnerabilities.[3]

These programs allow the developers to discover and resolve bugs before the general public is aware of them, preventing incidents of widespread abuse and data breaches. Bug bounty programs have been implemented by a large number of organizations, including Mozilla,[4][5] Facebook,[6] Yahoo!,[7] Google,[8] Reddit,[9] Square,[10] Microsoft,[11][12] and the Internet Bug Bounty.[13]

Companies outside the technology industry, including traditionally conservative organizations like the United States Department of Defense, have started using bug bounty programs.[14] The Pentagon's use of bug bounty programs is part of a posture shift that has seen several US Government Agencies reverse course from threatening white hat hackers with legal recourse to inviting them to participate as part of a comprehensive vulnerability disclosure framework or policy.[15]

History

Hunter and Ready initiated the first known bug bounty program in 1981 for their Versatile Real-Time Executive operating system. Anyone who found and reported a bug would receive a Volkswagen Beetle (a.k.a. Bug) in return.[16]

On October 10, 1995, Netscape Communications Corporation launched a "Bugs Bounty" program for the beta version of its Netscape Navigator 2.0 browser.[17][18][19]

Vulnerability Disclosure Policy controversy

In August 2013, a Palestinian computer science student reported a vulnerability that allowed anyone to post a video on an arbitrary Facebook account. According to the email communication between the student and Facebook, he attempted to report the vulnerability through Facebook's bug bounty program, but Facebook's engineers misunderstood him. He later exploited the vulnerability using the Facebook profile of Mark Zuckerberg, which resulted in Facebook refusing to pay him a bounty.[20]

 
A Facebook "White Hat" debit card, which was given to researchers who reported security bugs

Facebook started paying researchers who find and report security bugs by issuing them custom branded "White Hat" debit cards that can be reloaded with funds each time the researchers discover new flaws. "Researchers who find bugs and security improvements are rare, and we value them and have to find ways to reward them", Ryan McGeehan, former manager of Facebook's security response team, told CNET in an interview. "Having this exclusive black card is another way to recognize them. They can show up at a conference and show this card and say 'I did special work for Facebook.'"[21] In 2014, Facebook stopped issuing debit cards to researchers.

In 2016, Uber experienced a security incident when an individual accessed the personal information of 57 million Uber users worldwide. The individual supposedly demanded a ransom of $100,000 in order to destroy rather than publish the data. In Congressional testimony, Uber's CISO, John Flynn, indicated that the company verified that the data had been destroyed before paying the $100,000.[22] Mr. Flynn expressed regret that Uber did not disclose the incident in 2016. As part of its response to this incident, Uber worked with its partner HackerOne to update its bug bounty program policies to, among other things, more thoroughly explain good faith vulnerability research and disclosure.[23]

Yahoo! was severely criticized for sending out Yahoo! T-shirts as a reward to security researchers for finding and reporting security vulnerabilities in Yahoo!, sparking what came to be called T-shirt-gate.[24] High-Tech Bridge, a security testing company based in Geneva, Switzerland, issued a press release saying Yahoo! offered $12.50 in credit per vulnerability, which could be used toward Yahoo-branded items such as T-shirts, cups and pens from its store. Ramses Martinez, director of Yahoo's security team, claimed later in a blog post[25] that he was behind the voucher reward program, and that he basically had been paying for them out of his own pocket. Eventually, Yahoo! launched its new bug bounty program on October 31 of the same year, which allows security researchers to submit bugs and receive rewards between $250 and $15,000, depending on the severity of the bug discovered.[26]

Similarly, when Ecava released the first known bug bounty program for ICS in 2013,[27][28] they were criticized for offering store credits instead of cash, which does not incentivize security researchers.[29] Ecava explained that the program was intended to be initially restrictive and focused on the human safety perspective for the users of IntegraXor SCADA, their ICS software.[27][28]

Some bug bounty programs have been criticized as tools to prevent security researchers from publicly disclosing vulnerabilities, by making participation in the program, or even the granting of safe harbor, conditional on abusive non-disclosure agreements.[30][31]

Geography

Though submissions for bug bounties come from many countries, a handful of countries tend to submit more bugs and receive more bounties. The United States and India are the top countries from which researchers submit bugs.[32] India, which has either the first or second largest number of bug hunters in the world, depending on which report one cites,[33] topped the Facebook Bug Bounty Program with the largest number of valid bugs.[34] In 2017, India had the highest number of valid submissions to Facebook's Whitehat program, followed by the United States and Trinidad and Tobago.[34]

Notable programs

In October 2013, Google announced a major change to its Vulnerability Reward Program. Previously, it had been a bug bounty program covering many Google products. With the shift, however, the program was broadened to include a selection of high-risk free software applications and libraries, primarily those designed for networking or for low-level operating system functionality. Submissions that Google found adherent to the guidelines would be eligible for rewards ranging from $500 to $3,133.70.[35][36] In 2017, Google expanded their program to cover vulnerabilities found in applications developed by third parties and made available through the Google Play Store.[37] Google's Vulnerability Rewards Program now includes vulnerabilities found in Google, Google Cloud, Android, and Chrome products, and rewards up to $31,337.[38]

Microsoft and Facebook partnered in November 2013 to sponsor The Internet Bug Bounty, a program to offer rewards for reporting hacks and exploits for a broad range of Internet-related software.[39] In 2017, GitHub and The Ford Foundation sponsored the initiative, which is managed by volunteers, including volunteers from Uber, Microsoft,[40] Adobe, HackerOne, GitHub, NCC Group, and Signal Sciences.[41] The software covered by the IBB includes Adobe Flash, Python, Ruby, PHP, Django, Ruby on Rails, Perl, OpenSSL, Nginx, Apache HTTP Server, and Phabricator. In addition, the program offered rewards for broader exploits affecting widely used operating systems and web browsers, as well as the Internet as a whole.[42]

In March 2016, Peter Cook announced the US federal government's first bug bounty program, the "Hack the Pentagon" program.[43] The program ran from April 18 to May 12 and over 1,400 people submitted 138 unique valid reports through HackerOne. In total, the US Department of Defense paid out $71,200.[44]

In 2019, the European Commission announced the EU-FOSSA 2 bug bounty initiative for popular open source projects, including Drupal, Apache Tomcat, VLC, 7-zip and KeePass. The project was co-facilitated by the European bug bounty platform Intigriti and by HackerOne, and resulted in a total of 195 unique and valid vulnerabilities.[45]

Open Bug Bounty is a crowd security bug bounty program established in 2014 that allows individuals to post website and web application security vulnerabilities in the hope of a reward from affected website operators.[46]

References

  1. "The Hacker-Powered Security Report - Who are Hackers and Why Do They Hack p. 23" (PDF). HackerOne. 2017. Retrieved June 5, 2018.
  2. Ding, Aaron Yi; De Jesus, Gianluca Limon; Janssen, Marijn (2019). "Ethical hacking for boosting IoT vulnerability management". Proceedings of the Eighth International Conference on Telecommunications and Remote Sensing. Ictrs '19. Rhodes, Greece: ACM Press. pp. 49–55. arXiv:1909.11166. doi:10.1145/3357767.3357774. ISBN 978-1-4503-7669-3. S2CID 202676146.
  3. Weulen Kranenbarg, Marleen; Holt, Thomas J.; van der Ham, Jeroen (November 19, 2018). "Don't shoot the messenger! A criminological and computer science perspective on coordinated vulnerability disclosure". Crime Science. 7 (1): 16. doi:10.1186/s40163-018-0090-8. ISSN 2193-7680. S2CID 54080134.
  4. "Mozilla Security Bug Bounty Program". Mozilla. Retrieved July 9, 2017.
  5. Kovacs, Eduard (May 12, 2017). "Mozilla Revamps Bug Bounty Program". SecurityWeek. Retrieved August 3, 2017.
  6. "Meta Bug Bounty programme info". Facebook. n.d. Retrieved October 17, 2023.
  7. "Yahoo! Bug Bounty Program". HackerOne. Retrieved March 11, 2014.
  8. "Vulnerability Assessment Reward Program". Retrieved March 11, 2014.
  9. "Reddit - whitehat". Reddit. Retrieved May 30, 2015.
  10. "Square bug bounty program". HackerOne. Retrieved August 6, 2014.
  11. "Microsoft Bounty Programs". Microsoft Bounty Programs. Security TechCenter. Archived from the original on November 21, 2013. Retrieved September 2, 2016.
  12. Zimmerman, Steven (July 26, 2017). "Microsoft Announces Windows Bug Bounty Program and Extension of Hyper-V Bounty Program". XDA Developers. Retrieved August 3, 2017.
  13. HackerOne. "Bug Bounties - Open Source Bug Bounty Programs". Retrieved March 23, 2020.
  14. "The Pentagon Opened up to Hackers - And Fixed Thousands of Bugs". Wired. November 10, 2017. Retrieved May 25, 2018.
  15. "A Framework for a Vulnerability Disclosure Program for Online Systems". Cybersecurity Unit, Computer Crime & Intellectual Property Section Criminal Division U.S. Department of Justice. July 2017. Retrieved May 25, 2018.
  16. "The first "bug" bounty program". Twitter. July 8, 2017. Retrieved June 5, 2018.
  17. "Netscape announces Netscape Bugs Bounty with release of netscape navigator 2.0". Internet Archive. Archived from the original on May 1, 1997. Retrieved January 21, 2015.
  18. "Bounty attracts bug busters". CNET. June 13, 1997. Retrieved October 17, 2023.
  19. Friis-Jensen, Esben (April 11, 2014). "The History of Bug Bounty Programs". Cobalt.io. Archived from the original on March 16, 2020. Retrieved October 17, 2023.
  20. "Zuckerberg's Facebook page hacked to prove security flaw". CNN. August 20, 2013. Retrieved November 17, 2019.
  21. Mills, Elinor. "Facebook whitehat Debit card". CNET.
  22. "Testimony of John Flynn, Chief Information Security Officer, Uber Technologies, Inc" (PDF). United States Senate. February 6, 2018. Retrieved June 4, 2018.
  23. "Uber Tightens Bug Bounty Extortion Policy". Threat Post. April 27, 2018. Retrieved June 4, 2018.
  24. Osborne, Charlie. "Yahoo changes bug bounty policy following 't-shirt gate'". ZDNet.
  25. Martinez, Ramses. "So I'm the guy who sent the t-shirt out as a thank you". Yahoo Developer Network. Retrieved October 2, 2013.
  26. Martinez, Ramses. "The Bug Bounty Program is Now Live". Yahoo Developer Network. Retrieved October 31, 2013.
  27. Toecker, Michael (July 23, 2013). "More on IntegraXor's Bug Bounty Program". Digital Bond. Retrieved May 21, 2019.
  28. Ragan, Steve (July 18, 2013). "SCADA vendor faces public backlash over bug bounty program". CSO. Retrieved May 21, 2019.
  29. Rashi, Fahmida Y. (July 16, 2013). "SCADA Vendor Bashed Over 'Pathetic' Bug Bounty Program". Security Week. Retrieved May 21, 2019.
  30. "How Zoom handled vulnerability shows the dark side of bug bounty's". ProPrivacy.com. Retrieved May 17, 2023.
  31. Porup, J. M. (April 2, 2020). "Bug bounty platforms buy researcher silence, violate labor laws, critics say". CSO Online. Retrieved May 17, 2023.
  32. "The 2019 Hacker Report" (PDF). HackerOne. Retrieved March 23, 2020.
  33. "Bug hunters aplenty but respect scarce for white hat hackers in India". Factor Daily. February 8, 2018. Retrieved June 4, 2018.
  34. "Facebook Bug Bounty 2017 Highlights: $880,000 Paid to Researchers". Facebook. January 11, 2018. Retrieved June 4, 2018.
  35. Goodin, Dan (October 9, 2013). "Google offers "leet" cash prizes for updates to Linux and other OS software". Ars Technica. Retrieved March 11, 2014.
  36. Zalewski, Michal (October 9, 2013). "Going beyond vulnerability rewards". Google Online Security Blog. Retrieved March 11, 2014.
  37. "Google launched a new bug bounty program to root out vulnerabilities in third-party apps on Google Play". The Verge. October 22, 2017. Retrieved June 4, 2018.
  38. "Vulnerability Assessment Reward Program". Retrieved March 23, 2020.
  39. Goodin, Dan (November 6, 2013). "Now there's a bug bounty program for the whole Internet". Ars Technica. Retrieved March 11, 2014.
  40. Abdulridha, Alaa (March 18, 2021). "How I hacked Facebook: Part Two". infosecwriteups. Retrieved March 18, 2021.
  41. "Facebook, GitHub, and the Ford Foundation donate $300,000 to bug bounty program for internet infrastructure". VentureBeat. July 21, 2017. Retrieved June 4, 2018.
  42. "The Internet Bug Bounty". HackerOne. Retrieved March 11, 2014.
  43. "DoD Invites Vetted Specialists to 'Hack' the Pentagon". U.S. Department of Defense. Retrieved June 21, 2016.
  44. "Vulnerability disclosure for Hack the Pentagon". HackerOne. Retrieved June 21, 2016.
  45. "EU-FOSSA 2 - Bug Bounties Summary" (PDF).
  46. Dutta, Payel (February 19, 2018). "Open Bug Bounty: 100,000 fixed vulnerabilities and ISO 29147". TechWorm. Retrieved April 10, 2023.
