What you need to know before you launch a bug bounty program

It’s no secret the cybersecurity industry has a skills gap. Read any report that looks at hiring in the security field across the world and the only difference is the size of the shortage. According to last year’s Global Information Security Workforce Study (GISWS), the global shortfall is expected to be 1.8 million by 2022 – a 20% increase since 2015.  

One way to overcome this ongoing lack of cyber skills is to supplement your existing security staff with crowdsourcing. A new wave of companies, including HackerOne, Bugcrowd, and Synack, are offering communities of hackers ready to test your systems and report their findings in exchange for cash rewards.

But what does launching a bug bounty program involve, and what do you need to know beforehand?


Why companies are turning to bug bounties and crowdsourcing security

The idea of bug bounties – inviting hackers to probe a company’s systems and report any vulnerabilities in exchange for a reward – has been around for over 20 years. In 1995, Netscape launched the ‘Netscape Bugs Bounty’ program to let people find bugs in beta versions of Netscape Navigator 2.0. Rewards included up to $1000 cash, Netscape swag, and ‘bragging rights’.

Dan Swinhoe

Dan is Senior Staff Writer at IDG Connect. Writes about all manner of tech from driverless cars, AI, and Green IT to Cloudy stuff, security, and IoT. Dislikes autoplay ads/videos and garbage written about 'millennials'.
