Bugcrowd, a cybersecurity company dedicated to helping businesses build their own customized security testing programs, has released an infographic demonstrating how bug bounties can help build better software.
A bug bounty program is different from responsible disclosure in that companies use tester submissions for security testing. In this way, companies can set up security teams to verify bugs and award bounties to the researchers who find them rather than hiring security professionals to conduct their own investigations.
Bounty rewards usually range from a $100 to thousands of dollars.
Many companies have set up their own bug bounty programs. These include the following:
– Google
– Mozilla
– Github
– Facebook
– Etsy
– Microsoft
You can look at Bugcrowd’s complete bug bounty disclosure list at https://bugcrowd.com/list-of-bug-bounty-programs.
For some, bounty programs are not the answer. The amount of resources and money needed to review all submissions, some of which may be invalid, may be beyond a company’s budget. But for those who can afford them, bug bounty programs provide a cost-efficient way for companies to continually test and review their applications, thereby decreasing the likelihood of a security breach.
Please refer to the infographic below for more information.
You can learn more about setting up your own bug bounty program with Bugcrowd by going to .
About Bugcrowd
Bugcrowd was founded in January 2013 by CEO Casey Ellis and CTO Chris Raethke to help level the vulnerability assessment playing field. By leveraging the economic, expertise and sheer numbers of the crowd, the company is redefining the cybersecurity market.
Its revolutionary approach to cybersecurity combines a proprietary vulnerability reporting platform with the largest crowd of security researchers on the planet. Bugcrowd also provides a range of responsible disclosure and managed service options that allow companies to commission a customized security testing program that fits their specific requirements. Based in San Francisco, Bugcrowd is backed by Icon Ventures, Paladin Capital and Square Peg Ventures.
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.