CHAPTER 9

Bug Bounty Programs

This chapter unpacks the topic of bug bounty programs and presents both sides of the discussion—from a software vendor’s point of view and from a security researcher’s point of view. We discuss the topic of vulnerability disclosure at length, including a history of the trends that led up to the current state of bug bounty programs. For example, we discuss full public disclosure, from all points of view, allowing you to decide which approach to take. The types of bug bounty programs are also discussed, including corporate, government, private, public, and open source. We then investigate the Bugcrowd bug bounty platform, from the viewpoint of both a program owner (vendor) and a researcher. We also look at the interfaces ...

Source: Gray Hat Hacking: The Ethical Hacker's Handbook, Fifth Edition (O'Reilly learning platform excerpt).