
Introducing Bit.com’s Bug Bounty


One of the ways organizations put the security of their systems to the test is through bug bounty programs. They do this to keep out criminal hackers who aim to harm institutions in the public and private sectors by exploiting their security vulnerabilities. As a result, bug bounties are becoming popular: top companies worldwide use bug bounty programs to keep their users, applications, software, and customers safe.

What is a Bug Bounty?

A bug bounty, also called a vulnerability rewards program (VRP), is a reward given to ethical hackers who successfully discover and report a bug or vulnerability in software or an application. Companies set up bug bounty programs to draw on the expertise of ethical hackers in securing and improving their systems. It is a means of supplementing internal code audits and penetration tests. The vulnerabilities uncovered by the bounty hunt are then fixed, resulting in more robust and secure software.

How Bug Bounty Works

According to HackerOne, organizations starting bounty programs must first set the scope and budget for their programs. A scope defines what systems a hacker can test and outlines how a test is conducted. Once a bug is discovered, hackers must file a disclosure report detailing the bug, its severity level, and how it impacts the application or users.

Bug hunters who succeed in reporting bugs are monetarily rewarded. The reward varies according to the severity of the bugs they find. Shopify, Facebook, Yelp, Google, Mozilla, Microsoft, Apple, and others offer bug bounty programs.

The Role of Bug Hunters

Bug hunters are software security researchers and white hat hackers, otherwise known as ethical hackers. They are cybersecurity experts tasked with discovering vulnerabilities in software. By spotting bugs early, bug hunters prevent criminal hackers from finding and exploiting them, and they help prevent abuse of bug bounty programs and sites. In addition, bug hunters provide reports with enough detail for the organization offering the bounty to reproduce the vulnerability.

A bug bounty is a crowdsourcing initiative open to hackers worldwide, although some companies offer closed bug bounty programs that require an invitation to participate. They do this to limit potential risks and complications.

Introducing Bit.com’s Bug Bounty

To ensure a secure trading environment, Bit.com is offering up to $3000 in rewards through its bug bounty program.

The main in-scope targets are:

• Website

• API

• Crypto Wallet

Reports are expected to concern the following vulnerability classes:

• Business logic issues

• Payments manipulation

• Remote code execution (RCE)

• Injection vulnerabilities (SQL, XXE)

• File inclusions (Local & Remote)

• Access Control Issues (IDOR, Privilege Escalation, etc.)

• Leakage of sensitive information

• Server-Side Request Forgery (SSRF)

• Cross-Site Request Forgery (CSRF)

• Cross-Site Scripting (XSS)

• Directory traversal

• Any other vulnerability with a clear potential for loss

Rewards are paid in four tiers, as follows:

• Critical: $1500 – $3000

• High: $500 – $1000

• Medium: $50 – $500

• Low: <$50

Any vulnerability detected must be reported and submitted via HackenProof. For detailed guidelines about the bug bounty program, check here.

About Bit.com

Bit.com is a full-featured cryptocurrency exchange run by Matrixport, one of Asia's fastest-growing financial services platforms for digital assets. Bit.com is dedicated to offering services such as price discovery, trading strategy execution, and liquidity provision. Furthermore, Bit.com constantly promotes the development of new financial products, enhancing user trading instruments, and listing specific tokens. High-quality security and risk management measures are incorporated into the company's design to create an exceptional trading environment.
