What you need to know before you launch a bug bounty program

It’s no secret the cybersecurity industry has a skills gap. Read any report that looks at hiring in the security field across the world and the only difference is the size of the shortage. According to last year’s Global Information Security Workforce Study (GISWS), the global shortfall is expected to be 1.8 million by 2022 – a 20% increase since 2015.

One way to overcome this ongoing lack of cyber skills is to supplement your existing security staff with crowdsourcing. A new wave of companies, including HackerOne, Bugcrowd, and Synack, offer communities of hackers ready to test your systems and report their findings in exchange for cash rewards.

But what does launching a bug bounty program involve, and what do you need to know beforehand?


Why companies are turning to bug bounties and crowdsourcing security

The idea of bug bounties – inviting hackers to probe a company’s systems and report any vulnerabilities in exchange for a reward – has been around for over 20 years. In 1995, Netscape launched the ‘Netscape Bugs Bounty’ program to let people find bugs in beta versions of Netscape Navigator 2.0. Rewards included up to $1000 cash, Netscape swag, and ‘bragging rights’.

Dan Swinhoe

Dan is a journalist at CSO Online. Previously he was Senior Staff Writer at IDG Connect.
