The Top Ten Bug Bounty Rewards

Bug bounty programs – the concept of rewarding security researchers for finding and responsibly disclosing vulnerabilities – have become a major part of modern security practice. Researchers now commonly register in their thousands with vulnerability disclosure and bug bounty coordination specialists such as HackerOne, Synack and Bugcrowd.

Over the last few years, the sums of money on offer in the bug bounty market for finding and responsibly disclosing vulnerabilities have slowly increased. However, earlier this year, and for the first time ever, Apple revealed that it would be prepared to pay a sum of up to $1m for the successful discovery and disclosure of a certain vulnerability: a zero-click, full-chain kernel-code-execution attack. That huge bounty eclipsed the maximum amount previously available, which was $200,000.

Taking into account the monumental amounts of money now up for grabs as part of bug bounty programs, Infosecurity has compiled a list of the most notable and sizeable bug bounty payments to date.