The amount of money awarded depends on the severity of the flaw, and can range from less than $140 to much bigger sums.
HackerOne, which is based in California, charges a subscription fee to businesses for use of its platform.
British bug bounty hunter Katie Paxton-Fear, a lecturer at Manchester Metropolitan University, says she looks for bugs in her spare time.
Whilst the money is good, she says it is not a get-rich-quick activity.
"I've earned around £12,000 in 12 months," she told the BBC.
"I remember finding my first bug and literally shaking and realising: 'Wow I just saved people from a pretty big flaw.'
"I'm not just using my time to win a prize, I'm actively helping secure applications I use, so for me it's a challenge mixed with doing something good."
Another similar platform called YesWeHack, which is based in France, said its 22,000 hackers had submitted double the number of bugs in 2020 than the previous year.
It does not release figures on money rewards made via its service.
"Given the new risks and the importance of cyber-security in the economic survival of companies, an increasing number of chief information security officers have turned to bug bounties," said chief executive Guillaume Vassault-Houlière.
Another, BugCrowd, said it saw a 50% increase in submissions on its platform in the last 12 months.