A Vulnerability Rewards Program (VRP), also known as a Bug
Bounty Program, is a concept in which companies encourage individuals to search for bugs and vulnerabilities in their programs and receive financial rewards for doing so.Security specialists and white-hat hackers participate in such reward programs, which are offered by many website operators and operating system development companies. Once they discover a vulnerability, they report it to the company, which offers a reward for it. The vulnerability document must sufficiently document the vulnerabilities so that the affected organization or company can reproduce them. The amount of the reward depends on the expected follow-up costs that may be incurred for the faulty software and can range from a few thousand dollars to a million dollars.