Bugcrowd, founded in 2012, manages more than 160 bounty programs for companies, including Western Union, Pinterest and Tesla Motors. Bugcrowd "white hats" can receive an award based on the severity of the discovery they make.
In Tesla's case, rewards per bug found are on the lower end of the spectrum, ranging from $25 to $1,000. Google and Facebook, on the other hand, have given out bounties per bug of $22,000 and $33,500, respectively.
The corporate client specifies the extent of a bug bounty program: whether it covers only the public-facing website, as in the case of Western Union, Pinterest and Tesla, or goes deeper into the company's network, as with Google and Facebook.
HackerOne, which runs the Yahoo and Twitter bug bounty programs, also pairs researchers with companies through its platform. It charges companies 20 percent of the bounties awarded to researchers. To date, approximately 1,600 researchers on HackerOne's platform have received about $3.48 million in payouts, based on finding 10,557 bugs.
Behrouz Sadeghipour has discovered almost 180 bugs during his time as a researcher at Bugcrowd and through other programs. This form of bounty hunting provides a way for him to earn lucrative payouts from major companies, including Yahoo and PayPal.
Sadeghipour found a cross-site scripting (XSS) flaw in both companies' systems, a major class of vulnerability that lets an attacker inject malicious script into a web page so that it runs in the user's browser and can read information stored there.
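To make the class of flaw concrete, here is an added illustration that is not from the article and not code from Yahoo, PayPal or Bugcrowd: a page that inserts a search query into HTML by plain string concatenation (the defect behind reflected XSS) next to the same page with the input HTML-entity encoded. The probe string is a constructed, harmless example; the function names are my own.

```python
import html

# Constructed sample input, not from the article: a harmless probe string of the
# kind a researcher would submit to show that user input reaches the page unencoded.
UNTRUSTED_QUERY = "<script>alert('xss')</script>"


def render_vulnerable(query: str) -> str:
    """Builds a results page by concatenating the raw query (the defect).

    Whatever markup the query contains is parsed by the browser as part of the page,
    so a <script> element in it executes in the visitor's browser.
    """
    return f"<h1>Results for {query}</h1>"


def render_hardened(query: str) -> str:
    """Same page, with the untrusted value HTML-entity encoded before insertion.

    html.escape turns <, >, &, and (with quote=True) quote characters into entities,
    so the browser displays the query as text instead of interpreting it as markup.
    """
    return f"<h1>Results for {html.escape(query, quote=True)}</h1>"


def contains_active_markup(page: str) -> bool:
    """Illustrative check only: does the rendered output still carry a raw script tag?"""
    return "<script" in page.lower()


if __name__ == "__main__":
    print("vulnerable:", render_vulnerable(UNTRUSTED_QUERY))
    print("hardened:  ", render_hardened(UNTRUSTED_QUERY))
```

Entity encoding as shown is the right defense when the value lands in the HTML body or inside a quoted attribute; a value placed inside a script block, a URL, or a CSS rule needs the encoding appropriate to that context, which is why templating engines that escape by default are preferred over hand-built strings.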
"Two or three years ago it was difficult for me to find a job in a bug bounty program," said Sadeghipour. "You either had to be hired by a company directly or work for a consulting firm. Now I can research vulnerabilities legally and have a safety net if I decide to hack programs on my own."
Bugcrowd's "white-hat" universe now includes 18,600 researchers who, on average, discover 10 to 12 issues per day that a company may face. Bugcrowd's researchers submit the vulnerabilities they find to a secure platform called Crowdcontrol.
Researchers report their findings to Bugcrowd rather than directly to the company whose network is being tested, which keeps the program manageable for large corporations, since many of the submissions turn out to be invalid or duplicates. Companies can use Bugcrowd's subscription model to have their network tested by researchers for a specific period of time, depending on their cybersecurity needs.