| Term | Definition |
| --- | --- |
| | A reward given for reporting a security vulnerability. |
| Bug bounty program | A program run by a company or individual that rewards security researchers for reporting security vulnerabilities in its products. Commonly abbreviated to "BBP". |
| Bug bounty hunter | An individual who hunts for security issues on bug bounty programs. |
| Duplicate | A report describing the same issue as a previously submitted report. Bug bounty platforms usually let programs set the status of such a report to "duplicate" to inform the hunter that the issue has already been submitted by someone else. |
| | When the entire report is publicly disclosed. Bug bounty hunters will usually request public disclosure of their report once the issue has been resolved, or once a certain number of days have passed since the initial report. |
| | When a report is publicly disclosed, but certain details are redacted. |
| PoC | Abbreviation for proof of concept: a detailed, reproducible demonstration of a security vulnerability, such as the exact request, payload or script that triggers it. |
| | A term EdOverflow uses to describe the phenomenon whereby a low-quality report is rewarded on one program and then disclosed, after which many programs are suddenly flooded with copy-pasted versions of that report. |
| | Another term EdOverflow uses, referring to hunters who wait for publicly disclosed reports in order to verify that the patch does in fact resolve the issue and that there are no bypasses. This is one good reason for disclosing reports publicly: it allows hunters to double-check your fix. |