Security for everyone

The History Of Bug Bounty Program

SecurityForEveryone

01/Jan/21

Today, bug bounty programs are an increasingly common method to find and fix various vulnerabilities on the Internet. This method is used by small companies as well as large companies such as Google, Yandex, PayPal, and Facebook. The need for bug bounty programs is due to the increasing number of cyberattacks today.

According to an article published in 2020, 16 billion records were stolen in 2020 due to these attacks. Of these stolen records, 8.4 billion were taken in the first quarter of 2020, an increase of 273% compared to the first quarter of 2019. Now that we know why bug bounty programs started, let's continue with their history and when they began.

History of Bug Bounty

Bug Bounty in 1995


Bug Bounty in 2002

iDefense, which was later acquired by Verisign, continued this program seven years after the first bug bounty program. It started by announcing that it would pay a $400 fee to those who found and reported software vulnerabilities in some programs it had identified. Later, iDefense acted as an intermediary, bringing together white hat hackers who found vulnerabilities and companies that wanted their vulnerabilities eliminated.

Bug Bounty in 2004

In 2004, 9 years after the debut of bug bounty, Mozilla launched a $500 reward program for white hat hackers who detected and reported critical vulnerabilities in its Firefox software, just like Netscape, and for the first time in history a bug bounty program was sponsored. The sponsors of this program were entrepreneur Mark Shuttleworth and Linux distributor Linspire. The Mozilla Bug Bounty program, which started in 2004, continues today with various applications added to the program.

Bug Bounty in 2005

In 2005, TippingPoint, inspired by and rivaling iDefense, launched a new program, the Zero Day Initiative, bringing together white hat hackers and companies seeking to cover their vulnerabilities. As with iDefense, this program rewards those who submit reports on vulnerabilities. It continues to operate and distribute awards today.

Bug Bounty in 2007

Three weeks before the CanSecWest conference held in 2007, Dragos Ruiu announced the PWN2OWN competition to find and fix vulnerabilities in Mac OS X. At first, it was rumored that the competition winner would be rewarded with a laptop computer, but later this was raised to a $10,000 prize. After that year, the PWN2OWN competition became a traditional competition held after every CanSecWest conference. In the competition held in 2014, white hat hackers were paid $850,000.

Bug Bounty in 2010

In 2010, Google launched a bug bounty program for the open-source Chromium project. Later in the same year, Google held another contest covering its web features. Both competitions were similar to Mozilla's program from 2004. That year, not only Google but also companies such as Mozilla, the German federal mail service Deutsche Post, and Barracuda Networks started and developed bug bounty awards that played a significant role in developing this field.

Bug Bounty in 2011

In 2011, Facebook followed Google and launched the Facebook White Hat program, similar to a bug bounty program, stating that there would be no upper limit on the prize and that the lowest reward would be $500. This program continues today, and a total of over $2 billion was paid to white hat hackers under this program.

Bug Bounty Today

Today, companies inspired by the likes of Google and Facebook run their own bug bounty programs. Bug bounty still attracts a lot of attention, so much so that companies such as Microsoft and Intel organize bug bounty programs that award $100,000. We can say that as bug bounty programs became better known, the size of the rewards increased. There is a 200-fold difference between the rewards given initially and today's rewards.

Many companies bring buyers and sellers together within bug bounty programs, as iDefense does today. HackerOne, Bugcrowd, and Synack are examples. It is expected that the number of companies providing this service will gradually increase in the future.

Conclusion

In summary, this article explained why bug bounty programs are needed and gave detailed information about those needs. We then covered the history of bug bounty and which companies have used this method. It is anticipated that bug bounty programs, awards, and activities will continue to increase rapidly in the future.
