A bug bounty is a financial reward offered by technological organizations to anyone who discovers and responsibly reports bugs in software or computing services. Today many major tech companies have bug bounty programs, including Microsoft, Facebook, Google, and Yahoo!. The practice originated at Netscape in 1996, when engineer Jarrett Ridlinghafer offered a financial incentive to any employee that could find undiscovered bugs in the Netscape web browser.
To date, the largest bug bounty was awarded in 2014, when Unix specialist Stéphane Chazelas discovered the Shell Shock vulnerability in the widely used Bash shell. For discovering and responsibly disclosing the bug, Internetbugbounty.org awarded Chazelas a bounty of $20,000.
Also see: Bug, Security terms, Vulnerability, White hat