What are Bug Bounties?

Recently Google has upped their bounties in their YouTube, Blogger, and Google domains from $20,000 to $30,000 for identifying and remedying bugs in their code. This is a 50% increase, which is massive. There is also an added bonus of $1,337, which appears to only serve as homage to early hacker and “leet” culture online.

The reason for the raise, Google says, is that high level security risks have become harder to identify as technology becomes increasingly sophisticated. This means that more time and effort is going into finding and fixing bugs than it has in the past, and good guy Google wants the reward to better reflect the efforts being made on the part of their security researchers. However, Google is not the only company to employ security researchers and hackers to hunt code for bounties, nor is it the first.

So what is a bug bounty exactly, and when did these sort of programs start? A bug bounty program is a singular or ongoing even where companies and websites will offer a reward to expose -and sometimes fix- security flaws, broken code, or UI follies. The aim is to catch these types of exploits prior to the general public learning about them and abusing the system. Today, most major companies such as Mircosoft, Google, Reddit, and Facebook have either recurring or constant bounties up for grabs.

One could argue that the origin of a bug bounty is related to the bounties on escaped prisoners, fugitives from the law, and even on animals during culls, but the way we know it today online is believed to have been in 1995. Jarrett Ridlinghafer is credited with devising and implementing the first bug bounty program for the Netscape Communications Corporation -what a blast from the past-. Ridlinghafer was given an initial budget of $50,000 to run the bugs bounty program and grow their company and it is one reasons Netscape saw such enormous success in the early days of the Internet. Since then companies such as Google and Facebook have paid out vast amounts of cash to their security researchers to guarantee their services and products are at the level of stability and security that they want.

However it is not only the companies that employ these sorts of bounties and events. In March of 2016, Peter Cook -Former Press Secretary to Former Defense Secretary- announced that the Department of Defense would be hosting a “Hack the Pentagon” program which encouraged freelance security researchers to submit security reports outlining their findings and suggestions while attempting to break through the Department of Defense’s and the Pentagon’s security. The DoD paid out about $71,000 by the end of the program in mid May 2016 and two of the researchers were even invited to meet Defense Secretary Ash Carter to thank them for the extraordinary work they did during the program.

It is easy to forget that programs like these exist, since most people think of companies having their business insured up. In fact, we tend to only hear about security flaws in businesses when someone nefarious has succeeded in stealing information or exploiting other flaws. The reality of it is, companies and governments are attempting to stay one step ahead of these kinds of security breaches, and bug bounty programs are one extremely effective way of ensuring that.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.