What is Bug Bounty? Top Bug Bounty Programs of 2020

A bug bounty program is an arrangement offered by many websites, organizations and software developers through which individuals can receive recognition and compensation for reporting bugs present on their websites, especially those pertaining to security exploits and vulnerabilities.

Want to become a Bounty Hunter?
Look at the trends in the bug bounty industry: what kinds of platforms are involved, what methods hackers are using, which tools are used, and so on. This is the first thing you should do before getting started with bug bounties.
It will give you an idea of how to move ahead and get started as a bug bounty hunter.
The benefits are not always monetary.

Some of the key areas to focus on are:
• Cross-Site Scripting (XSS)
• SQL Injection
• Information gathering etc.
• Business Logic

Top bug bounty programs:
1. Apple
2. Facebook
3. GitHub
4. Google
5. HackerOne
6. Intel
7. Microsoft
8. Mozilla
9. Snapchat
10. Yahoo

1. Apple

Apple offers public recognition for those who submit valid reports and will match donations of the bounty payment to qualifying charities. As part of Apple’s commitment to security, they reward researchers who share with them critical issues and the techniques used to exploit them.
Website: https://developer.apple.com/security-bounty/
Minimum Payout: $5,000
Maximum Payout: $1 million

2. Facebook

Facebook recognizes the value external security researchers can bring to the security of Facebook systems, and they welcome and seek to reward eligible contributions from security researchers, as outlined below. If you believe that you have found a security vulnerability on Facebook (or on another member of the Facebook family of companies), they encourage you to let them know straight away. They will investigate all legitimate reports and do their best to quickly fix the problem.
Website: https://www.facebook.com/whitehat
Minimum Payout: $500
Maximum Payout: No predetermined amount

3. GitHub

Software security researchers are increasingly engaging with Internet companies to hunt down vulnerabilities. Their bounty program gives a tip of the hat to these researchers and provides rewards of $30,000 or more for critical vulnerabilities.
Website: https://bounty.github.com/
Minimum Payout: $617
Maximum Payout: $30,000+

4. Google

Bugs in Google Cloud Platform, Google-developed apps, and extensions (published in Google Play, in iTunes, or in the Chrome Web Store), as well as some of their hardware devices (Home, OnHub, and Nest), will also qualify. See their Android Rewards and Chrome Rewards for other services and devices that are also in scope.
Website: https://www.google.com/about/appsecurity/reward-program/
Minimum Payout: $100
Maximum Payout: $31,337

5. HackerOne

Website: https://hackerone.com/security
Minimum Payout: $500
Maximum Payout: $15,000+

6. Intel

Intel is focused on ensuring the security of its customers' computing environments. They are committed to rapidly addressing issues as they arise, and providing recommendations through security advisories and security notices.
Security advisories are fixes or workarounds for vulnerabilities identified with Intel products.
Website: https://security-center.intel.com/BugBountyProgram.aspx
Minimum Payout: $500
Maximum Payout: $100,000

7. Microsoft

Microsoft strongly believes close partnerships with researchers make customers more secure. Security researchers play an integral role in the ecosystem by discovering vulnerabilities missed in the software development process.
If you are a security researcher who has found a vulnerability in a Microsoft product, service, or device, they want to hear from you. If your vulnerability report affects a product or service that is within the scope of one of their bounty programs, you may receive a bounty award according to the program descriptions. Even if it is not covered under an existing bounty program, they will publicly acknowledge your contributions when they fix the vulnerability. All vulnerability submissions are counted in their Researcher Recognition Program and leaderboard, even if they do not qualify for the bounty award.
Website: https://technet.microsoft.com/en-us/library/dn425036.aspx
Minimum Payout: No predetermined amount
Maximum Payout: $250,000


8. Mozilla

The Mozilla Security Bug Bounty Program is designed to encourage security research in Mozilla software and to reward those who help them make the internet a safer place.
Website: https://www.mozilla.org/en-US/security/bug-bounty/
Minimum Payout: $100
Maximum Payout: $10,000+


9. Snapchat

Website: https://support.snapchat.com/en-US/i-need-help
Minimum Payout: $2,000
Maximum Payout: $15,000

10. Yahoo

If you are a member of the security community and need to report a technical vulnerability, you can visit the Bug Bounty Program site.
If you want to report abusive behavior, spam, email scams, connectivity problems, or other non-security issues, or if you are having problems with your Yahoo account, visit the security help page.
Website: https://safety.yahoo.com/Security/REPORTING-ISSUES.html
Minimum Payout: No set limit
Maximum Payout: $15,000
