What is Bug Bounty? Who can make money from it?

in #bugbounty, 7 years ago

Can you believe Microsoft is paying up to $250,000 with its new bug bounty program? Big organizations such as Microsoft, Mozilla, Yahoo, Google, Reddit, Apple and Facebook are giving huge rewards to bug bounty hunters.
What is a Bug Bounty Program?
A bug bounty program rewards people who find vulnerabilities in websites and software. Anyone who finds a bug in a website that has a bug bounty program can receive recognition and compensation for reporting it. A bug bounty program is part of a vulnerability management program.
Before 2014, Facebook rewarded researchers who found and reported security bugs with a “white hat” debit card. If someone who had already received a card found a new bug, Facebook loaded funds onto the card. From 2014, they stopped giving debit cards to bug hunters. Bug hunters from Russia, India, the USA and the UK have received many rewards from Facebook.
Screenshot from the PDF "State of Bug Bounty"
The following stats show that most bug bounty researchers are from India and the USA.
“Researchers who find bugs and security improvements are rare, we value them and have to find ways to reward them,” said Ryan McGeehan, a former manager of the Facebook security response team.
Yahoo rewards researchers with between $250 and $15,000, depending on the vulnerability. At first Yahoo gave security researchers only small rewards such as a T-shirt, but it has since changed its policy.
In 2016 Google paid more than $3 million to bug hunters. It paid the most for Chrome and Android exploits. Google also offered a bug bounty program for different apps in the Play Store. Google will pay $1,000 if someone finds vulnerabilities in those apps, but the report has to meet some conditions.
Screenshot from the PDF "State of Bug Bounty"
Vulnerabilities by type

If you want to take part in bug bounty programs, you will need a broad base of knowledge. You should know HTML, CSS, JavaScript, jQuery, PHP, MySQL, Python and more. You will also need Kali Linux and OWASP ZAP for practicing and finding bugs. You need to understand the features and functionality of all the modules; then you can run test cases and collect data. You can also buy a vulnerability scanner and scan with it. Some well-known vulnerability scanners are Nessus VS, SolarWinds, Nexpose VS and Saint VS. So if you want to enter this field, you should have coding knowledge and some computer skills. There are many resources from which you can learn from the beginning.
Many bug bounty hunters from different countries are making a healthy income. Even if someone finds a bug in a website which doesn’t have a bug bounty program, there is a big chance that the bug hunter gets rewarded. Bug bounty programs have helped both sides: security researchers and bug hunters are making a good income from bug bounty programs, and websites are fixing their bugs. So if you have some coding and computer skills, you can easily gain rewards from different sites. If you find bugs in big sites like Google, Microsoft or Facebook, you can get huge rewards. There are many apps and software tools which are very helpful for bug hunting. If you have some interest in bug hunting, you should start learning today. You can easily find different courses online. The number of apps and sites is increasing hugely, so bug hunting can be an extra source of income.
If you have any questions related to bug bounty programs and bug hunting, please comment.
What’s your view on bug bounty programs?
