1. Apple Security Issues
Very few developers are aware of Apple’s bug bounty program. The program is limited to selected researchers only. Initially, when Apple started the program, it was limited to just 24 security researchers. Later the company expanded it to include more bug bounty hunters. There is no upper limit to the amount that Apple can offer as a bug bounty. However, Apple is willing to pay $100,000 to researchers who can extract data protected by Apple’s Secure Enclave technology.
2. Google Vulnerability Reward Program
Google will pay a minimum of $100 and a maximum of $31,337, depending upon the severity of the bug reported and the kind of potential damage it can inflict on the associated systems. All the content in Google, YouTube, and other Google-owned platforms is part of this vulnerability reward program. The program currently covers design and implementation issues only.
There are several active bug bounty programs at Microsoft. Programs like Microsoft Identity can offer up to $100,000 for reporting vulnerabilities in Identity services such as Azure Active Directory or Microsoft Account. If you want to go for a bigger bounty, consider participating in the Microsoft Hyper-V and Speculative Execution Side Channel Bounty, both of which can give you up to $250,000 each. More details can be accessed from the Microsoft website.
Facebook has an open bug bounty program. Anybody can report bugs in Facebook and Facebook-owned platforms. There is no upper limit to the bounty; there are cases in which Facebook has rewarded close to half a million dollars to a single security researcher for reporting critical errors. A much-needed program, we must say, considering the recent data breaches at Facebook.
GitHub, the open source code sharing platform, has had its own bug bounty program since 2013. Every successful participant can earn points for submitting vulnerabilities through GitHub’s bug bounty program. GitHub decides the reward for security researchers depending upon the severity. $200 is the minimum payout offered, while the maximum cap can be up to $1000 for critical bugs.