
What is Bug Bounty?

A program in which an organization pays security researchers who responsibly disclose vulnerabilities in its systems, rewarding ethical hacking rather than exploitation.

Bug bounties incentivize finding and fixing security flaws before attackers exploit them.

How It Works

  1. Company defines scope (which systems/features are in scope)
  2. Researchers test for vulnerabilities within the rules
  3. Valid vulnerabilities are reported through the program
  4. Company fixes the issue and pays the researcher

Major Platforms

  • HackerOne: Hosts programs for thousands of companies
  • Bugcrowd: Similar platform with managed programs
  • Direct programs: Google, Apple, Microsoft run their own

Privacy Impact

  • Bug bounties help privacy tools stay secure (Signal, Tor, Proton all have programs)
  • Finding and fixing vulnerabilities protects user data
  • Responsible disclosure lets the vendor patch a flaw before it can be exploited as a zero-day
