A bug bounty is a program where a company provides a monetary reward to an independent security researcher (a hacker) who reports a bug or a security vulnerability. Rewards can vary from hundreds to thousands of dollars depending on the impact and severity of the vulnerability.