Days after the malware “Judy” which targeted the Android app store and burrowed into over 36.5 million devices, Google announced that it would increase the maximum Android bug bounty to $200,000 to said it could make its ecosystem more secure.
Other web giants like Facebook and Twitter also pays a healthy sum to keep bugs at bay. Last year Facebook paid $15,000 to a security researcher named Anand Prakash, who helped in solving a bug that could unlock any user’s account. Facebook spent over 5 million dollars on bug-bounty programs, sending payouts to over 800 researchers all across the globe since the bug bounty program began in 2011.
So, what exactly is a bug bounty program?
A bug bounty program is a deal offered by many websites and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to exploits and vulnerabilities. These programs allow the developers to discover and resolve bugs before the general public is aware of them, preventing incidents of widespread abuse.
Many companies (such as Facebook) value bug bounties according to risk rather than just complexity. So it need not require you to solve only complex bugs, you can just help out by pointing simpler bugs and errors (which may in terms pay you quite well)