vulnerability rewards program (VRP)

A Vulnerability Rewards Program (VRP), also known as a Bug Bounty Program, is a concept where companies encourage individuals to search for bugs and vulnerabilities in their programs and are rewarded financially.

Security specialists and white-hat hack ers participate in such reward programs, which are offered by many website operators and operating system development companies. Once they discover a vulnerability, they report it to the company offering a reward. The vulnerability document must sufficiently document the vulnerabilities so that the affected organization or company can reproduce them. The amount of the reward depends on the expected follow-up costs that may be incurred for the faulty software and can range from a few thousand dollars to a million dollars.