Welcome to Al Khaleej Training and Education Company

All you need to know about bug bounty programs

16 Feb

It's such a big world, and what you know about it is only the surface: a world where information, data, and programming languages are the kings. This infinite digital world, like many worlds, has good and bad sides. The bad side includes hackers, dangerous viruses, and vulnerabilities. The good side is whoever devotes all their time and effort to protecting sites and networks.

Today we will talk about bug hunters and what they are.

A bug bounty is:

A deal offered by many big software companies, in which individuals receive rewards for hunting bugs or software vulnerabilities.

These deals enable developers to discover and resolve vulnerabilities before the company knows about them, which helps to avoid abuse. At the top of the list of these companies are Microsoft, Google, and Apple.

Beginnings

The first technology companies to offer rewards for security vulnerabilities discovered in their systems were the web browser developers. They announced financial and moral rewards for programmers who found weaknesses in their code. It began with Netscape in 1995, and Mozilla did the same in 2004.

Cybersecurity

Before we get into the definition of bug hunters, let us introduce cybersecurity, or computer security, a branch of technology known as information security. It aims to protect information and property from theft, corruption, or accidents.

Who is the bug hunter?

A bug hunter is known as an ethical hacker, or a white-hat hacker, who practices what is known as "ethical hacking", the term used in the IT world for a person whose values oppose violating others' intellectual property.

An ethical hacker focuses on protecting systems, unlike a black-hat hacker who tries to crack them, and is also authorized to use prohibited means to address the security risks of computers and networks.

Types of vulnerability detection

Vulnerability discovery is split into two parts. The first is through programs and annual competitions launched by the companies themselves, and the other is by regular users who do this at any time.

But in the second case, you must know the law and the punishment for anything you do. In the United Kingdom, under the Computer Misuse Act, unauthorized access is a crime even if the door is wide open, so hackers and talented people in this field must understand the law and how risky this is.

Big numbers for bug bounties

In April 2018, the company known as Oath Inc gave 400,000 USD to 40 participants in the H1-415 event organized by HackerOne. Oath / Verizon Media, which owns Yahoo and AOL, allocated another 400,000 USD at a separate event in November 2018 for programmers who identified 159 critical security vulnerabilities.

After the success of the events, the company created a bug bounty program, through which 5 million USD was paid in 2018 to hackers and researchers who found errors of various threat levels across multiple platforms.

The most famous companies

Many companies around the world offer events to discover security vulnerabilities in their systems. For example, Microsoft provided two million dollars in financial rewards for the discovery of security vulnerabilities in 2018.

Google has had its vulnerability reward program since 2010. More than 15 million USD has been paid out, of which 3.4 million USD was awarded in 2018 (1.7 million USD of which focused on error detection in the Android operating system and the Chrome browser).

Facebook has been paying through the bug bounty program on its social network since the program's creation in 2011, and it has paid more than 7.5 million USD.

Finally, Tesla joined the marathon and promised programmers and hunters that anyone who breaks into its electric cars will get a car and a million USD.

The most famous Arab bug hunters

The Egyptian security expert Mohamed Ramadan is on the honor list of the most prominent ethical hackers who discovered software errors or gaps in Facebook, as are the Moroccan Amin Al Sharai and the Egyptian Mohamed Abdel Baset Al-Nubi. Finally, there is the Palestinian programmer Khalil Shreteh, who was able to write on the wall of Mark Zuckerberg, the founder of Facebook, to prove to the site management that there was a security vulnerability allowing any social network user to write on the wall of any other user without their consent.

AlKhaleej Training