3. BUG BOUNTY PROGRAM
A bug bounty program is a crowdsourcing initiative that rewards
individuals for discovering and responsibly reporting software security
vulnerabilities. Bug bounty programs are often initiated to supplement
internal code audits and penetration tests as part of an organization's
vulnerability management strategy.
Source: TechTarget
5. WHAT’S IN IT FOR ORGANIZATIONS?
• An army of friendly hackers.
• A cost-effective solution.
• Eliminate the risk of zero-day vulnerabilities.
• Ongoing security testing.
6. KEY STATISTICS
• Facebook's pioneering bug bounty program has uncovered over 900 bugs and paid out over 5 million US dollars.
• Google has paid out more than $9 million since the launch of its bug bounty program in 2010, including over $3 million in 2016.
• Mozilla has paid out over $1.6 million across all of its bounties.
• Yahoo has paid out more than $2 million for vulnerabilities since the launch of its bug bounty program in 2013.
• The HackerOne community is over 100,000 hackers strong, with over $20 million paid in bounties.
7. RUNNING A BUG BOUNTY PROGRAM
• Self-hosted bug bounty program
• Using a bug bounty management provider