A bug bounty program is a deal offered by many websites, organizations, and software developers by which individuals can receive recognition and compensation[1][2] for reporting bugs, especially those pertaining to securityexploits and vulnerabilities.[3]
These programs allow the developers to discover and resolve bugs before the general public is aware of them, preventing incidents of widespread abuse and data breaches. Bug bounty programs have been implemented by a large number of organizations, including Mozilla,[4][5]Facebook,[6]Yahoo!,[7]Google,[8]Reddit,[9]Square,[10]Microsoft,[11][12] and the Internet bug bounty.[13]
Companies outside the technology industry, including traditionally conservative organizations like the United States Department of Defense, have started using bug bounty programs.[14] The Pentagon's use of bug bounty programs is part of a posture shift that has seen several US Government Agencies reverse course from threatening white hat hackers with legal recourse to inviting them to participate as part of a comprehensive vulnerability disclosure framework or policy.[15]