Security Glossary

Definition

What is a Bug Bounty?

A crowdsourced security program that pays independent security researchers for reporting vulnerabilities in a product or service, provided they report privately and follow the program's rules rather than disclosing publicly first. Bug bounty programs complement internal testing and automated scanning by drawing on a diverse global pool of researchers with varied expertise. Major platforms such as HackerOne and Bugcrowd host structured programs with a published scope (which assets and vulnerability classes are in bounds), severity tiers, and payout ranges. The scope and rules define what testing the program authorizes; activity outside them is not covered by the program and may be treated as an unauthorized attack.

Related terms

Ethical Hacking
The authorized practice of using offensive attack techniques against a system to identify security weaknesses before malicious actors can exploit them.
Penetration Testing
A structured, authorized simulation of a real-world cyberattack against a system, network, or application with the goal of identifying exploitable vulnerabilities before malicious actors do.
Zero-Day Vulnerability
A software vulnerability for which no vendor patch exists at the time it becomes known or is exploited, whether because the vendor is unaware of it or has not yet shipped a fix. The name refers to the vendor having had zero days to address it.
Common Vulnerabilities and Exposures (CVE)
A public catalog of disclosed security vulnerabilities, each assigned a unique identifier in the format CVE-YEAR-NUMBER (e.g., CVE-2021-44228 for Log4Shell).
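Bug bounty reports and advisories reference CVE IDs in free text, often in inconsistent case and sometimes in malformed forms, so a small validator and extractor is a useful tool to have. The following is an added example (not code from this glossary or from Penetrify) that implements the CVE identifier syntax described above: a four-digit year and a sequence number of at least four digits. The lower year bound of 1999 (the year the CVE list began) and the upper bound of next calendar year are assumptions chosen for this example, as is the constructed sample report text.

```python
from __future__ import annotations

import datetime
import re
from dataclasses import dataclass

# CVE identifier syntax: "CVE-" + four-digit year + "-" + sequence number with
# at least four digits (longer sequences are valid, e.g. CVE-2021-44228).
# IGNORECASE lets us accept "cve-2021-44228" and normalise it later.
CVE_PATTERN = re.compile(r"\bCVE-(\d{4})-(\d{4,})\b", re.IGNORECASE)

# Assumption for this example: the CVE list began in 1999, so earlier years
# cannot be valid. Years beyond next calendar year are rejected as typos.
FIRST_CVE_YEAR = 1999


def _default_max_year() -> int:
    return datetime.date.today().year + 1


@dataclass(frozen=True)
class CveId:
    year: int
    sequence: str  # kept as a string so leading zeros survive (CVE-2021-0001)

    def __str__(self) -> str:
        return f"CVE-{self.year}-{self.sequence}"


def validate_cve_id(text: str, max_year: int | None = None) -> tuple[bool, str]:
    """Check one candidate string and explain why it is or is not a valid CVE ID."""
    max_year = _default_max_year() if max_year is None else max_year
    m = CVE_PATTERN.fullmatch(text.strip())
    if m is None:
        return False, "does not match CVE-YYYY-NNNN (sequence needs 4+ digits)"
    year = int(m.group(1))
    if year < FIRST_CVE_YEAR:
        return False, f"year {year} predates the CVE list"
    if year > max_year:
        return False, f"year {year} is later than the allowed maximum {max_year}"
    return True, "valid"


def parse_cve_id(text: str, max_year: int | None = None) -> CveId | None:
    """Return a normalised CveId, or None when the string is not a valid CVE ID."""
    ok, _ = validate_cve_id(text, max_year)
    if not ok:
        return None
    m = CVE_PATTERN.fullmatch(text.strip())
    return CveId(year=int(m.group(1)), sequence=m.group(2))


def extract_cve_ids(text: str, max_year: int | None = None) -> list[str]:
    """Return unique, upper-cased CVE IDs found in free text, in order of first appearance."""
    found: list[str] = []
    for m in CVE_PATTERN.finditer(text):
        cve = parse_cve_id(m.group(0), max_year)
        if cve is not None and str(cve) not in found:
            found.append(str(cve))
    return found


# Constructed sample report text for this example; not a real submission.
SAMPLE_REPORT = """\
Title: remote code execution in log formatting (constructed sample)
The affected build is vulnerable to cve-2021-44228 (Log4Shell).
Malformed references that must not be extracted: CVE-2021-123 (short
sequence), CVE-1998-0001 (predates the list), CVE-2099-0001 (future year).
CVE-2021-44228 appears a second time and should be listed once.
"""


if __name__ == "__main__":
    for candidate in ["CVE-2021-44228", "cve-2021-0001", "CVE-2021-123", "CVE-1998-0001"]:
        print(candidate, "->", validate_cve_id(candidate))
    print("extracted:", extract_cve_ids(SAMPLE_REPORT))
```

The sequence number is kept as a string rather than an integer so that IDs such as CVE-2021-0001 round-trip unchanged; converting it to an integer would silently drop the zero padding and produce an identifier that does not exist.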