Bug bounty programs are usually organized by software companies or websites, and reward developers for finding bugs in the form of vulnerabilities and probable exploits. If you're part of the ethical hacking community, bug hunting is where you could shine. Hack, report and get paid. Here are some lucrative bug bounty programs to keep track of:
Microsoft Bounty Program for Finding Bugs in Its Identity Services: You can make up to $100,000 in this program offered by the technology giant Microsoft. Find a flaw in its "Identity services", report it and get a grand reward. The scope includes undisclosed vulnerabilities in Microsoft Account or Azure Active Directory Account, in the listed OpenID standards or the protocol as implemented in Microsoft's certified products, services, or libraries, and in any version of the Microsoft Authenticator application. Rewards vary according to the nature of the vulnerability.
| | High Quality Submissions | Baseline Quality Submissions | Incomplete Submissions |
|---|---|---|---|
| Significant Authentication Bypass | Up to $40,000 | Up to $10,000 | From $1,000 |
| Multi-factor Authentication Bypass | Up to $100,000 | Up to $50,000 | From $1,000 |
| Standards design vulnerabilities | Up to $100,000 | Up to $30,000 | From $2,500 |
| Standards-based implementation vulnerabilities | Up to $75,000 | Up to $25,000 | From $2,500 |
| Cross-Site Scripting (XSS) | Up to $10,000 | Up to $4,000 | From $1,000 |
| Cross-Site Request Forgery (CSRF) | Up to $20,000 | Up to $5,000 | From $500 |
| Authorization Flaw | Up to $8,000 | Up to $4,000 | From $500 |
| Sensitive Data Exposure | Up to $5,000 | Up to $2,500 | From $500 |
Facebook bug bounty program: Security researchers, or anyone else who has found a flaw in Facebook or a Facebook product, can report it and be rewarded a minimum of $500. Qualify for a bounty by reporting a security bug in Facebook or one of the following qualifying products or acquisitions:
- Internet.org / Free Basics
- Moves
- Oculus
- Onavo
- Open source projects by Facebook (e.g. osquery)
Eligible Intel products and technologies:
Intel Hardware
- Processor (inclusive of micro-code ROM + updates)
- Chipset
- FPGA
- Networking / Communication
- Motherboard / System (e.g., Intel Compute Stick, NUC)
- Solid State Drives
- UEFI BIOS (Tiano core components for which Intel is the only named maintainer)
- Intel® Management Engine
- Baseboard Management Controller (BMC)
- Motherboard / System (e.g., Intel Compute Stick)
- Solid State Drives
- Device driver
- Application
- Tool
Qualifying vulnerabilities:
There is a focus on critical, high and medium impact bugs, but any clever vulnerability at any severity might get a reward. Rewards for qualifying bugs typically range from $500 to $100,000.
The following table outlines the usual rewards chosen for the most common classes of bugs:
| | High-quality report with functional exploit [1] | High-quality report [2] | Baseline [3] | Low-quality report [4] |
|---|---|---|---|---|
| Sandbox Escape [5] | $15,000 | $10,000 | $2,000 - $5,000 | $500 |
| Renderer Remote Code Execution | $7,500 | $5,000 | $1,000 - $3,000 | $500 |
| Universal XSS (local bypass or equivalent) | $7,500 | $5,000 | N/A | N/A |
| Information Leak | $4,000 | $2,000 | $0 - $1000 | $0 |
| Download Protection bypass [6] | N/A | $1,000 | $0 - $500 | $0 |
Check each program's official website for eligibility information and to confirm what it rewards and what it doesn't. In addition, most organizations require that you not share any bug you find publicly until it's confirmed and resolved.
Posted from my blog with SteemPress : https://latesthackingnews.com/2018/07/22/make-money-as-a-hacker-highest-paying-bug-bounty-programs/
Warning! This user is on my black list, likely as a known plagiarist, spammer or ID thief. Please be cautious with this post!
If you believe this is an error, please chat with us in the #cheetah-appeals channel in our discord.