Glossary · Term

bug bounty

← all terms

Definition

Plain language

A cash reward a company offers to anyone who finds and responsibly reports a security flaw in its software.

As stated in the literature

A vulnerability-disclosure incentive program paying researchers for responsibly reported security flaws, scaled by severity; the channel through which the slyp-discovered Windows COM race conditions were rewarded by Microsoft.

Also called: bug bounties

Why it matters: It gives skilled outsiders a legal, paid reason to report flaws instead of selling or exploiting them, helping companies fix problems before they are abused.

For example, a researcher who discovers a flaw that lets attackers read other users' messages can report it through the company's bug bounty program and receive a cash reward.

Heard on the show

“Think of a bug bounty where a claimed exploit only pays out after someone reproduces it on a live system.”
Episode 202 — How Do You Know an AI Agent Actually Refused? Check the World, Not the Words

Mentioned in 2 episodes

  1. 202
    How Do You Know an AI Agent Actually Refused? Check the World, Not the Words
  2. 024
    An AI Agent That Found 28 Zero-Days in Windows — And What Made It Work

Related terms