Super Bug Hunters Collect Millions in Bounties

More organizations are adopting bug bounties—incentivized programs that encourage security researchers to report security issues to a sponsoring organization. Bug bounties are moving from novelties to best practices, helping to strengthen the security of products.

“2015 was the year companies realized that when it comes to cyber-security, the pain of staying the same is exceeding the pain of change,” said Casey Ellis, CEO and founder of Bugcrowd. “This tip is causing companies to realize that the only way to compete with an army of adversaries is with an army of allies. Even the most risk-averse industries are embracing and successfully implementing crowdsourced cyber-security programs.”

The study, “State of Bug Bounty Report,” was conducted between Jan. 1, 2013, and March 30, 2016, by Bugcrowd, a crowdsourced security testing firm for enterprise. The report includes data from programs run on Bugcrowd’s platform and a survey of 500 security researchers and 600 security professionals. Included in the term “bug bounty” are vulnerability disclosure programs, public bug bounty programs, and private programs.