A bug bounty program, also called a hacker bounty program or vulnerability rewards program , is an initiative that rewards individuals for finding a bug in Web application and reporting it to the organization offering a monetary reward. Many software vendors and web sites run bug bounty programs, often paying out cash rewards to software security researchers and white hat hackers for discovering and reporting software vulnerabilities that could be exploited. Bug reports must document enough information for the organization offering the bounty to be able to reproduce the vulnerability. Bug bounty programs are often initiated to supplement internal code audits and penetration tests as part of a vulnerability management strategy. Companies such as Bugcrowd, Bugwolf, CrowdSecurify and Hatforce set up and run bug bounty programs on behalf of customers, accepting bug submissions and validating them, as well as making the payouts when necessary.