A bug bounty program is a deal offered by many websites and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to exploits and vulnerabilities.

The most important ones are:

• https://www.bugcrowd.com

• https://www.hackerone.com

• https://bountyfactory.io

For each vulnerability sent that is eligible for bounty (i.e. it is inside the scope of the program) you can earn money depending of the impact of the vulnerability.