Bug Bounty
A bug bounty program is a vulnerability disclosure arrangement in which an organisation pays external security researchers a reward (bounty) for finding and responsibly disclosing security vulnerabilities. Major platforms such as HackerOne and Bugcrowd act as intermediaries between researchers and organisations. The economic model relies on the assumption that finding and documenting vulnerabilities carries significant cost for researchers, justifying the payout. As LLMs have made it trivially cheap to generate plausible-sounding vulnerability reports, some programs — including HackerOne (which temporarily froze intake in March 2026) — have had to redesign submission requirements to restore signal quality.