A bug hunter is an ethical hacker who, with explicit authorization, searches for security holes in the websites, domains and applications (web and mobile) belonging to companies. Companies and institutions grant that authorization through bug bounty programs, in which they set out the rules to follow, including the domains that are in scope and the types of vulnerabilities that are accepted.
The market for vulnerabilities is becoming ever more complex, tied to strong economic interests and marked by many shades of gray. Although international practices (including those promoted by ENISA) regulate Coordinated Vulnerability Disclosure, also called CVD, collaboration between the vendor and the security researcher does not always lead to proper recognition of the reported bugs and, therefore, to an overall improvement in security. Where CVD is not adopted correctly, common sense and ethics become the way forward: acting responsibly in what you do and always choosing transparency and collaboration. For this reason, the choice of your collaborators must be well thought out.
Contact us for advice.