Google has paid out £376,000 ($550,000) in bug bounties to 82 different people over the last 12 months to reward those who find vulnerabilities on its Android platform. Paul Farrington, Manager, EMEA Solution Architects at Veracode, comments on this report below.
Paul Farrington, Manager, EMEA Solution Architects at Veracode:
“The number of cases and the significant sum paid as part of Google’s bug bounty programme continues to demonstrate the value of responsible disclosure to companies.
“However, not all organisations can’t rely on ethical hackers to find the flaws for them. Malicious actors are constantly applying the same techniques to websites and applications, and breaches or unwanted activity can be expected as a result. Indeed, last year Gartner suggested more than 75 per cent of mobile applications would fail basic security tests.
“With growing awareness of application security, bounty programmes provide those with good competences in IT an opportunity to explore this domain, and a safe and positive system in which to do it – with the added monetary incentives. Indeed, only recently Renee Wysopal, a Veracode co-founder’s daughter, demonstrated she’d inherited her father’s curiosity and prowess for application security when she discovered a valuable bug as part of Facebook’s bug bounty programme.”