Question

After you’ve identified a few programs that you are interested in, you could list the properties of each one to compare them. In Table 1-1 , let’s compare a few of the popular programs introduced in this chapter.

在确定了感兴趣的几个计划后，您可以列出每个计划的属性进行比较。在表 1-1 中，让我们比较本章介绍的几个热门计划。

Table 1-1 : A Comparison of Three Bug Bounty Programs: HackerOne, Facebook, and GitHub

表格 1-1：三个漏洞赏金计划的比较：HackerOne、Facebook 和 GitHub。

Program	Asset type	In scope	Payout amount	Response time
HackerOne	Social site	https://hackerone.com/ https://api.hackerone.com *.vpn.hackerone.net https://www.hackerone.com And more assets . . . Any vulnerability except exclusions are in scope.	$500–$15,000+	Fast. Average time to response is 5 hours. Average time to triage is 15 hours.
Facebook	Social site, nonsocial site, mobile site, IoT, and source code	Instagram Internet.org / Free Basics Oculus Workplace Open source projects by Facebook WhatsApp Portal FBLite Express Wi-Fi Any vulnerability except exclusions are in scope.	$500 minimum	Based on my experience, pretty fast!
GitHub	Social site	https://blog.github.com/ https://community.github.com/ http://resources.github.com/ And more assets . . . Use of known-vulnerable software. Clickjacking a static site. Including HTML in Markdown content. Leaking email addresses via .patch links. And more issues . . .	$617–$30,000	Fast. Average time to response is 11 hours. Average time to triage is 23 hours.