What you need to know before you launch a bug bounty program

What you should know about launching your own bug bounty programs

It’s no secret the cybersecurity industry has a skills gap. Read any report that looks at hiring in the security field across the world and the only difference is the size of the shortage. According to last year’s Global Information Security Workforce Study (GISWS), the global shortfall is expected to be 1.8 million by 2022 – a 20% increase since 2015.  

One way to overcome this ongoing lack of cyber skills is to supplement your existing security staff through crowdsourcing. A new wave of companies, including HackerOne, Bugcrowd, and Synack, are offering communities of hackers ready to test your systems and report their findings in exchange for cash rewards.

But what does launching a bug bounty program involve, and what do you need to know beforehand?


Why companies are turning to bug bounties and crowdsourcing security

The idea of bug bounties – inviting hackers to probe a company’s systems and report any vulnerabilities in exchange for a reward – has been around for over 20 years. In 1995, Netscape launched the ‘Netscape Bugs Bounty’ program to let people find bugs in beta versions of Netscape Navigator 2.0. Rewards included up to $1000 cash, Netscape swag, and ‘bragging rights’.
