Bug Bounties are rewards offered for identifying bugs or security holes in software. See the full explanation below.
Get to know Bug Bounties
Bug bounties are programs run by many companies and organizations, in which individuals—usually security researchers or ethical hackers—are rewarded for discovering and reporting vulnerabilities or bugs in their software or systems.
In the crypto world, bug bounties are often offered by cryptocurrency businesses such as protocols, exchanges and wallet operators.
Bounty schemes can be thought of as a competition between friendly hackers. These schemes are public — and companies offering bug bounties can (theoretically) fix identified bugs before they become known to bad actors.
Purpose of the Bug Bounty Program
- Improving Security: By leveraging the expertise of the security research community, companies can identify and fix security gaps that may go undetected by their internal teams.
- Responsible Disclosure: Provides a platform for researchers to ethically report vulnerabilities, allowing companies to fix them before information about the bug becomes public and is exploited by attackers.
- Reducing Risk: Minimizes the risk of data breaches and cyber attacks by closing security gaps as quickly as possible.
- Building Relationships with the Security Community: Encourages collaboration between companies and the cybersecurity community, building mutual trust and valuing researchers' contributions.
How Much is the Bug Bounty Reward?
In most cases, bug bounties are assessed based on the severity of the bug identified. According to HackerOne, nearly $900,000 in bug bounties were paid out in 2018 alone.
Individual bounties can be very low: companies generally pay around $100 for identifying a low-level bug. However, critical bugs can sometimes attract bounties of $10,000 or more.
Some hackers make huge amounts of money by identifying bugs. Guido Vranken, a Dutch researcher, identified 12 bugs within a week — and was paid $120,000 by EOS in return.
Closing
From a software owner's perspective, bug bounties are an additional security activity that complements other proactive measures. The top priority for developers is to build secure code and minimize bugs before launching a product.
However, even the most careful developer will stumble and miss a bug, and some of these bugs can pose security risks. Bug bounties therefore act as an important second line of defense, protecting software owners and users from malicious actors.