Bug Bounty: New Practice for Securing IT Applications
Bug Bounty also known as vulnerability rewards program (VRP) is a financial reward offered by technology organizations to anyone who discovers and reports bugs (vulnerabilities) in computer applications or services. It complements companies' audit programs and penetration testing in their vulnerability management security policies. The discovery flaw must be well documented in a report sent to the organization adopting the bug bounty program so that it can easily understand the bug, replicate the exploit, and then fix it. Discovering a previously unknown fault and succeeding, then proving it (Proof of Concept), then writing it in a clear report is not easy.
The goal is to secure IT products by closing any breach that could be exploited by hackers to cause damage that can be irremediable.