It is no hidden secret that major technology companies run bug rewards programs to improve the security of their applications and databases. In light of the major data breaches, technology companies are now raising the ante and raising the cash prize for error rewards programs to encourage security researchers to actively find and report vulnerabilities. Below are some of the popular bug rewards programs that you can participate in and earn thousands of dollars in the process, simply by working from the comfort of your home.
1. Apple Security Issues
Very few developers know about Apple’s bug-reward program. The program is limited to selected researchers only. Initially, when Apple started the program, it was limited to only 24 security researchers. Later, the company expanded to include more bounty hunters. There is no upper limit to the amount that Apple can offer as a reward for errors. However, Apple is willing to pay $ 100,000 to researchers who can extract data protected by Apple’s Secure Enclave technology.
2. Google Vulnerability Reward Program
Google will pay a minimum of $ 100 and a maximum of $ 31,337 depending on the severity of the reported error and the type of potential damage it can inflict on associated partner systems. All content on Google, YouTube and other platforms owned by Google are part of this vulnerability reward program. The program currently covers only design and implementation problems.
There are several active bug rewards programs at Microsoft. Programs like Microsoft Identity can offer up to $ 100,000 to report vulnerability in identity services such as Azure Active Directory or Microsoft Account. If you want to get a bigger reward, consider participating in Microsoft Hyper-V and Generation of the lateral speculative execution channel, which can give you up to $ 250,000 each. More details can be accessed from the Microsoft website.
Facebook has an open bug rewards program. Anyone can report errors on Facebook and on Facebook-owned platforms. There is no upper limit to the reward, there are cases where Facebook has rewarded nearly half a million dollars to a single security researcher for reporting critical errors. A very necessary program that we must say taking into account the recent data breaches on Facebook.
The open source platform for sharing codes, GitHub has its own program of bug rewards since 2013. Each successful participant can earn points for sending vulnerabilities through the GitHub bug rewards program. Depending on the severity, GitHub decides the reward for security researchers. $ 200 is the minimum payment offered, while the maximum limit can be up to $ 1000 for critical errors.