Top 5 Bug Bounty Programs

Bug bounty programs have been popular since the 1990s when Netscape first introduced them for their Netscape Navigator 2.0 Beta browser. 

Since then, bug bounty programs have been an excellent way for technology companies to crowdsource help in improving their products and services. In essence, bug bounty programs are an open call for ethical hackers and researchers to look for major bugs in certain services or software.

Several big tech companies consistently run bug bounty programs with the aid of ethical hackers and tech fans. By reporting these bugs, these hackers help improve the quality of products and look out for things that engineers in the company might have missed. 

We are highlighting some of the best bug bounty programs from around the world that you can partake in.

1. Apple 

Apple runs a security bounty program that rewards researchers and ethical hackers for various bugs found. 

The bounty categories include iCloud, network attacks, and device attacks. The highest reward, $1,000,000, goes to anyone who can demonstrate zero-click kernel code execution with persistence and a kernel PAC bypass.

If you’re interested in participating in any one of Apple’s security bounty programs, be sure to read their site first, as it details eligibility requirements and ways you can maximize your payout. The site also explains how to send your report and provides other information you might need.

2. ExpressVPN

Virtual private network company ExpressVPN runs a bug bounty program for its VPN server technology, TrustedServer.

ExpressVPN’s bonus of $100,000 is one of the highest bounties ever offered on Bugcrowd. The reward will go to the first person that submits a valid and critical vulnerability specified by the company. 

TrustedServer prevents ExpressVPN’s server operating system and apps from writing information and data to a hard drive. The server runs on RAM and is wiped entirely almost every week when the operating system gets reinstalled. This prevents potential intruders from accessing data. 

3. Facebook 

Facebook, or Meta, has a bug bounty program that looks for issues in their vast array of products. Everyone is invited to report security bugs in Meta-owned products, whether it’s Facebook, Instagram, or WhatsApp.

Because of the sheer number of products owned, Meta has a long and detailed list of technology and eligibility requirements for each platform that everyone should read before attempting to look for bugs.

Besides detailing the requirements, Meta publicly gives thanks to all bug bounty hunters throughout the years. Payouts from Meta’s bug bounty programs can range anywhere from $5,000 to $40,000. In 2021, Meta also introduced a Payout Time Bonus, where specific bonuses are paid for payouts made between certain times. For example, payouts made between 30 and 59 days will receive a 5% bonus, and payouts made between 60 and 89 days can get a 7.5% bonus.

4. Intel 

Intel’s bug bounty focuses mainly on the company’s software, firmware, and hardware. Ethical hackers will be expected to look for issues within the Pentium, Celeron, and Intel Atom processors. 

Unfortunately, the program doesn’t reward researchers who find bugs in the company’s third-party software or acquisitions.

Right now, Intel works with a third-party agency, Intigriti, to run their bug bounty programs. Payouts have been reported to range from $500 to $30,000. Considering that 75% of laptop central processing units use Intel processors, any bug you find will significantly help other people.

5. Google 

Instead of calling it a bug bounty program, Google calls its program the Google and Alphabet Vulnerability Reward Program (VRP).

Unlike other companies, Google doesn’t limit researchers to specific platforms and will reward anyone in the cybersecurity community who can find issues on any Google, Blogger, or YouTube page. The VRP only covers design and implementation issues, so be sure to look out for those. 

Before embarking on your journey to find bugs, be sure to check on Google’s VRP site to make sure you’re up to date on the requirements and eligibility factors. 

Google’s payout ranges from a minimum of $100 to $31,337. 

In general, bug bounty programs are an excellent way for ethical hackers, researchers, and super fans of certain companies to flex their knowledge of cybersecurity. For some, bug bounty programs serve as an excellent way to make money. Considering the amount some big technology companies are willing to pay, it’s no surprise. While lucrative payouts are perfect incentives, many researchers simply enjoy looking for bugs and solving problems for the greater good.
