| Term | Definition |
| --- | --- |
| Bug bounty | A reward given for reporting a security vulnerability. |
| Bug bounty program | Companies or individuals that reward security researchers for reporting security vulnerabilities in their products. This term is commonly abbreviated to "BBP". |
| Bug bounty hunter | An individual who hunts for security issues on bug bounty programs. |
| Duplicate | A report describing the same issue as a previously submitted report is referred to as a "duplicate". Bug bounty platforms usually allow programs to set the status of such a report to "duplicate" to inform the hunter that the issue has already been submitted. |
| Full disclosure | When the entire report is publicly disclosed. Bug bounty hunters will usually request public disclosure of their report once the issue has been resolved or a certain number of days have passed since the initial report. |
| Partial disclosure | When a report is publicly disclosed, but certain details are redacted. |
| PoC | Abbreviation for proof of concept, a detailed demonstration of a security vulnerability. |
| Waves | A term that EdOverflow uses to describe the phenomenon whereby a low-quality report is rewarded on a program, then disclosed, and all of a sudden a ton of programs are flooded with copy-pasted versions of that report. |
| Scavenging | Another term that EdOverflow uses, referring to hunters who wait for publicly disclosed reports and then verify that the patch does in fact resolve the issue, making sure there are no bypasses. This is one good reason for disclosing reports publicly: it allows hunters to double-check your fix. |