top of page

Jargon Set for Bug Bounty Platform

Bug bounty programs come with their own set of jargon and terminology that are commonly used within the cybersecurity community. Here are some jargons specific to bug bounty programs:

  1. Bounty: The reward offered to ethical hackers for discovering and responsibly disclosing vulnerabilities.

  2. Vulnerability: A flaw or weakness in a system that could potentially be exploited by attackers.

  3. CVE (Common Vulnerabilities and Exposures): A standardized identifier for vulnerabilities, allowing for easy tracking and sharing of security-related information.

  4. Payout Tiers: Different levels of rewards based on the severity of the vulnerability. Often categorized as critical, high, medium, and low.

  5. Proof of Concept (PoC): A demonstration that shows how a vulnerability could be exploited without causing harm.

  6. Disclosure Policy: A set of guidelines and rules outlining how vulnerabilities should be reported and disclosed.

  7. Scope: The specific systems, applications, or components that are eligible for testing within a bug bounty program.

  8. In-Scope: Systems or assets that are within the defined scope of the bug bounty program.

  9. Out-of-Scope: Systems or assets that are explicitly excluded from the bug bounty program.

  10. False Positive: A reported vulnerability that is found not to be a genuine security issue upon investigation.

  11. White Hat Hacker: An ethical hacker who uses their skills to identify vulnerabilities and help improve security.

  12. Black Hat Hacker: A malicious hacker who exploits vulnerabilities for personal gain or harm.

  13. Grey Hat Hacker: An individual who falls between white hat and black hat hackers, often disclosing vulnerabilities without explicit permission.

  14. Bug Bounty Platform: An online platform that connects ethical hackers with organizations offering bug bounty programs.

  15. Responsible Disclosure: The practice of notifying an organization about a vulnerability without exploiting it maliciously, allowing them to fix it before disclosure.

  16. Zero-Day Vulnerability: A vulnerability that is exploited by attackers before the organization becomes aware of it, leaving zero days for mitigation.

  17. CVSS (Common Vulnerability Scoring System): A system used to assess and rate the severity of vulnerabilities.

  18. Escalation Path: A predefined process for escalating critical vulnerabilities to higher levels of management within an organization.

  19. Hall of Fame: A section on the bug bounty platform that publicly recognizes and credits ethical hackers for their contributions.

  20. Disclosure Agreement: A legal agreement outlining the terms and conditions under which vulnerabilities can be reported and disclosed.

  21. Bug Report: A detailed document submitted by an ethical hacker, describing the discovered vulnerability, its impact, and possible mitigation.

  22. Attack Surface: The set of points in a system that are vulnerable to potential attacks.

  23. Remediation: The process of addressing and fixing a reported vulnerability to eliminate the risk it poses.

  24. Rewards Program: The structure and details of how ethical hackers are rewarded for their findings, including payout amounts and criteria.

These terms are commonly used within the bug bounty ecosystem and understanding them can help both organizations and ethical hackers navigate the bug bounty program effectively.

29 views

Comments


Get Started with Listing of your Bug Bounty Program

  • Black LinkedIn Icon
  • Black Twitter Icon
bottom of page