Security Bug Bounty (sometimes referred to simply as Bug Bounty or BB) refers to programs that allow responsible disclosure of security vulnerabilities, most times in exchange for a monetary reward or acknowledgment in the form of reputation. Security bug bounty programs can be public (open for anyone to submit a security report of a finding) or private (restricted for specific security researchers or invite-based upon reporting). Usually a security bug bounty program is private or public according to the availability of resources of the maintaining security team. Security bug bounty programs can be externally managed by a bug bounty management platform like HackerOne or BugCrowd. Maintaining a bug bounty program is considered best practice as it allows to extend the application penetration testing resources with real-world researchers, while the maintainer determines the security attention by determining the security bug bounty policy and rewards.