Bug Bounty
Definition
A bug bounty is a program an organization runs to incentivize security researchers and ethical hackers to find and report vulnerabilities in its software, systems, or applications. Participants are rewarded with money, public recognition, or both, scaled to the severity and impact of what they find. The program's policy defines the rules of engagement: which assets are in scope, which testing methods and vulnerability classes are excluded, how rewards are tiered, and how and when a finding may be disclosed. A clear policy protects both sides: researchers know which testing is authorized, and the organization gets a remediation window before a flaw becomes public. Bug bounty programs help organizations proactively improve their security posture by drawing on the skills of the global security community.
Secure Settings Example
# Example of a secure bug bounty policy configuration
bug_bounty_policy:
  scope:
    - domain: "*.example.com"      # wildcard covers subdomains only, not the apex
      type: "web application"
    - domain: "api.example.com"
      type: "API"
  rewards:
    minimum: "$100"
    maximum: "$10,000"             # wide range leaves room to tier by severity
  disclosure_policy:
    type: "responsible disclosure" # researcher holds the report until a fix or the deadline
    timeline: "90 days"            # remediation window before publication
  exclusions:
    - type: "denial of service"    # keeps testing from disrupting production
    - type: "social engineering"   # staff are not targets
Insecure Settings Example
# Example of an insecure bug bounty policy configuration
bug_bounty_policy:
  scope:
    - domain: "*.example.com"      # no asset type: researchers cannot tell what is authorized
  rewards:
    minimum: "$10"
    maximum: "$100"                # too flat to distinguish a critical finding from a trivial one
  disclosure_policy:
    type: "full disclosure"        # vulnerability details may be published without coordination
    timeline: "immediate"          # no remediation window before publication
  exclusions:
    - type: "none"                 # DoS and social engineering against production are implicitly allowed
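The two policies above are governance text, but the program still has to be enforced by something: a triage step that decides whether a reported target is in scope, whether the vulnerability class is excluded, and when the researcher may publish. The following Python is an added example and not code from this page or from any bug bounty platform. It embeds both policies as Python dicts (copied from the YAML above so it runs without a YAML parser), and the function names, the lint rules, and the requirement that wildcard scopes match on DNS label boundaries are the author's assumptions. The label-boundary check is the part worth copying: a naive suffix match on "example.com" would authorize testing against "notexample.com" or "example.com.evil.net".

```python
"""Scope matching, report triage and policy linting for a bug bounty policy.

Added example; policies below are constructed copies of the YAML on this page.
Function names and lint thresholds are assumptions for illustration.
"""
from datetime import date, timedelta

# Constructed from the "secure" YAML above.
SECURE_POLICY = {
    "scope": [
        {"domain": "*.example.com", "type": "web application"},
        {"domain": "api.example.com", "type": "API"},
    ],
    "rewards": {"minimum": "$100", "maximum": "$10,000"},
    "disclosure_policy": {"type": "responsible disclosure", "timeline": "90 days"},
    "exclusions": [{"type": "denial of service"}, {"type": "social engineering"}],
}

# Constructed from the "insecure" YAML above.
INSECURE_POLICY = {
    "scope": [{"domain": "*.example.com"}],
    "rewards": {"minimum": "$10", "maximum": "$100"},
    "disclosure_policy": {"type": "full disclosure", "timeline": "immediate"},
    "exclusions": [{"type": "none"}],
}


def host_in_scope(host, pattern):
    """Match a hostname against a scope pattern on DNS label boundaries.

    '*.example.com' matches 'app.example.com' and 'a.b.example.com' but not
    the apex 'example.com', nor 'notexample.com' or 'example.com.evil.net'.
    Matching is case-insensitive and ignores a trailing dot.
    """
    host = host.lower().rstrip(".")
    pattern = pattern.lower().rstrip(".")
    if pattern.startswith("*."):
        suffix = pattern[1:]  # ".example.com": the dot forces a label boundary
        return host.endswith(suffix) and len(host) > len(suffix)
    return host == pattern


def target_in_scope(policy, host):
    """True if any scope entry in the policy authorizes testing this host."""
    return any(host_in_scope(host, entry["domain"]) for entry in policy["scope"])


def excluded_types(policy):
    """Excluded vulnerability classes; a literal 'none' entry means nothing is excluded."""
    return {e["type"].lower() for e in policy["exclusions"]} - {"none"}


def report_accepted(policy, host, vuln_type):
    """Triage a report: in scope and not an excluded class -> (True, reason)."""
    if not target_in_scope(policy, host):
        return False, "target out of scope"
    if vuln_type.lower() in excluded_types(policy):
        return False, f"{vuln_type} is an excluded vulnerability class"
    return True, "accepted"


def disclosure_deadline(policy, reported_on):
    """Earliest date the researcher may publish under the policy's timeline."""
    timeline = policy["disclosure_policy"]["timeline"]
    if timeline == "immediate":
        return reported_on
    days = int(timeline.split()[0])  # "90 days" -> 90
    return reported_on + timedelta(days=days)


def lint_policy(policy):
    """Return the weaknesses a reviewer would flag; an empty list means none found."""
    findings = []
    disclosure = policy["disclosure_policy"]
    if disclosure["type"] != "responsible disclosure":
        findings.append("disclosure type permits publication before a fix ships")
    if disclosure["timeline"] == "immediate":
        findings.append("no remediation window before disclosure")
    excluded = excluded_types(policy)
    for required in ("denial of service", "social engineering"):
        if required not in excluded:
            findings.append(f"'{required}' testing is not excluded")
    for entry in policy["scope"]:
        if "type" not in entry:
            findings.append(f"scope entry {entry['domain']} has no asset type")
    return findings


if __name__ == "__main__":
    for name, policy in (("secure", SECURE_POLICY), ("insecure", INSECURE_POLICY)):
        print(name, report_accepted(policy, "app.example.com", "denial of service"))
        print(name, disclosure_deadline(policy, date(2024, 1, 1)))
        print(name, lint_policy(policy))
```

Run against the two policies, the insecure one accepts a denial-of-service report against a production host and sets the disclosure deadline to the day the report arrives, while the linter flags five issues in it and none in the secure policy.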