{"id":434895,"date":"2022-04-20T21:00:41","date_gmt":"2022-04-20T18:00:41","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/what-is-a-bug-bounty-and-how-can-you-claim-one\/"},"modified":"2022-04-20T21:00:41","modified_gmt":"2022-04-20T18:00:41","slug":"what-is-a-bug-bounty-and-how-can-you-claim-one","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/what-is-a-bug-bounty-and-how-can-you-claim-one\/","title":{"rendered":"#What Is a Bug Bounty and How Can You Claim One?"},"content":{"rendered":"<h1><span class=\"ez-toc-section\" id=\"%E2%80%9CWhat_Is_a_Bug_Bounty_and_How_Can_You_Claim_One%E2%80%9D\"><\/span>&#8220;What Is a Bug Bounty and How Can You Claim One?&#8221;<span class=\"ez-toc-section-end\"><\/span><\/h1>\n<div>\n<figure style=\"width: 1200px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"type:primaryImage size-full wp-image-794767\" 
data-pagespeed-lazy-srcset=\"https:\/\/www.howtogeek.com\/wp-content\/uploads\/2022\/03\/computer-programmer-multiple-monitors-laptop.jpg?width=398&amp;trim=1,1&amp;bg-color=000&amp;pad=1,1 400w, https:\/\/www.howtogeek.com\/wp-content\/uploads\/2022\/03\/computer-programmer-multiple-monitors-laptop.jpg?width=1198&amp;trim=1,1&amp;bg-color=000&amp;pad=1,1 1200w\" sizes=\"auto, 400w, 1200w\" data-pagespeed-lazy-src=\"https:\/\/www.howtogeek.com\/wp-content\/uploads\/2022\/03\/computer-programmer-multiple-monitors-laptop.jpg?width=1198&amp;trim=1,1&amp;bg-color=000&amp;pad=1,1\" alt=\"Young man using a laptop next to multiple computer monitors with code on display.\" width=\"1200\" height=\"675\" src=\"\/pagespeed_static\/1.JiBnMqyl6S.gif\" onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\" onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><figcaption class=\"wp-caption-text\"><span class=\"type:primaryImage imagecredit\"><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.shutterstock.com\/image-photo\/portrait-african-american-developer-using-laptop-2108122673\">DC Studio\/Shutterstock.com<\/a><\/span><\/figcaption><\/figure>\n<p>Bug bounties allow people who discover security flaws in computer software and services to be rewarded with money. So what does it take to be a bug bounty hunter, and can you make a living doing it?<\/p>\n<p><strong>RELATED:<\/strong> <strong><em>If You Can Hack ExpressVPN, They&#8217;ll Give You $100,000<\/em><\/strong><\/p>\n<h2 role=\"heading\" aria-level=\"2\"><span class=\"ez-toc-section\" id=\"What_Are_Bug_Bounty_Programs\"><\/span>What Are Bug Bounty Programs?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The software and services we use every day are written by human beings, often under pressure to get their code up and running so that the business can make money. 
While modern software development methods result in software with remarkably few serious problems, there\u2019s no way for a small group of developers to foresee every possibility or see every single mistake.<\/p>\n<p>Compare this to the army of hackers looking for every possible chink in the armor of that code, and it\u2019s clear why bug bounty programs are necessary. These programs offer a reward to people who discover a credible vulnerability or another qualifying type of problem in the apps and services provided.<\/p>\n<h2 role=\"heading\" aria-level=\"2\"><span class=\"ez-toc-section\" id=\"Who_Gets_to_Claim_Bug_Bounties\"><\/span>Who Gets to Claim Bug Bounties?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>In principle, it doesn\u2019t matter who discovers a vulnerability or exploit. What\u2019s important is that the company knows about it and fixes the problem before it leads to real damage. In practice, bug bounties are most often claimed by professional security researchers. 
These are specialists who intentionally try to find weaknesses in systems and either get paid bounties or are paid upfront to do \u201c<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.cloudsavvyit.com\/12185\/penetration-testing-has-more-benefits-than-you-think\/\">penetration testing<\/a>\u201d for a company.<\/p>\n<p>That doesn\u2019t mean you can\u2019t report one if you find it, but you need to look up the requirements for submission and see whether you have the technical information needed to report the issue.<\/p>\n<h2 role=\"heading\" aria-level=\"2\"><span class=\"ez-toc-section\" id=\"Bug_Bounty_Programs_Are_Not_All_the_Same\"><\/span>Bug Bounty Programs Are Not All the Same<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The process to claim a bug bounty and what qualifies you to get the payment differ from one program to the next. The company in question sets the rules for what it considers a problem worth paying to know about. It will also set the proper format to report that problem, along with all the things it needs to know to replicate and verify the issue.<\/p>\n<p>The amount of money a verified report is worth will also differ. Some companies are huge, with large budgets for security. Others are small businesses or startups that rely on bug bounty programs to make up for their relatively small permanent cybersecurity staff complement. In that case, the bounties might be more modest.<\/p>\n<h2 role=\"heading\" aria-level=\"2\"><span class=\"ez-toc-section\" id=\"Where_to_Find_Bug_Bounty_Programs\"><\/span>Where to Find Bug Bounty Programs<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The first place to check if you run across a reportable vulnerability is the website of the company that makes the product or offers the service in question. 
It\u2019s generally only very large companies that run and administer their own bug bounty programs.<\/p>\n<p>Smaller outfits are more likely to use specialized bug bounty services. For example,\u00a0<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/hackerone.com\/bug-bounty-programs\">HackerOne\u2019s bug bounty program list<\/a>\u00a0promotes programs from various companies that are managed through the site.<\/p>\n<h2 role=\"heading\" aria-level=\"2\"><span class=\"ez-toc-section\" id=\"How_Much_Do_Bug_Bounties_Pay\"><\/span>How Much Do Bug Bounties Pay?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<figure style=\"width: 650px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-794772\" data-pagespeed-lazy-src=\"https:\/\/www.howtogeek.com\/wp-content\/uploads\/2022\/03\/woman-cheerful-excited-money-dollars.jpg?trim=1,1&amp;bg-color=000&amp;pad=1,1\" alt=\"A woman with an excited expression holding a fan of one-hundred dollar bills.\" width=\"650\" height=\"350\" src=\"\/pagespeed_static\/1.JiBnMqyl6S.gif\" onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\" onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><figcaption class=\"wp-caption-text\"><span class=\"imagecredit\"><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.shutterstock.com\/image-photo\/portrait-cheerful-young-woman-holding-money-1038717511\">Dean Drobot\/Shutterstock.com<\/a><\/span><\/figcaption><\/figure>\n<p>If you visited the HackerOne bug bounty list linked above, you may have noticed that each program lists a minimum bounty amount. 
If you open one of the programs, you\u2019ll see statistics on the average bounty payout as well as the reward tiers, which depend on the severity of the vulnerability.<\/p>\n<p>Low-, medium-, and high-severity problems might net a few hundred to a thousand dollars, while critical vulnerabilities can pay out several thousand dollars.<\/p>\n<p>There have been some truly <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.reviewgeek.com\/56721\/apple-pays-288500-to-young-hackers-for-discovering-55-vulnerabilities\/\">staggering bounties<\/a> paid out over the years and <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/cointelegraph.com\/news\/makerdao-launches-biggest-ever-bug-bounty-with-10m-reward\">massive offers<\/a>, but these are somewhat like winning the lottery. You need to be the one who happens across a one-in-a-million exploit, and it has to be in the system of a big player who has that type of cash. If you want to make a living from bug bounties, you\u2019re more likely to get a steady income from small, common bugs that come up through systematic penetration testing.<\/p>\n<\/div>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/www.howtogeek.com\/791390\/what-is-a-bug-bounty-and-how-can-you-claim-one\/\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;What Is a Bug Bounty and How Can You Claim One?&#8221; DC Studio\/Shutterstock.com Bug bounties allow people who discover security flaws in computer software and services to be rewarded with money. So what does it take to be a bug bounty hunter, and can you make a living doing it? 
RELATED: If You Can Hack&#8230;<\/p>\n","protected":false},"author":1,"featured_media":434896,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.howtogeek.com\/wp-content\/uploads\/2022\/03\/computer-programmer-multiple-monitors-laptop.jpg?height=200p&trim=2,2,2,2","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[],"class_list":["post-434895","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/434895","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=434895"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/434895\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/434896"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=434895"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=434895"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=434895"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}