Are Bug Bounty Programs Worth It?

Bug bounty programs are on the rise, and the security researchers participating in them have earned big bucks as a result.


According to a report released by HackerOne in February 2020, hackers had collectively earned approximately $40 million from those programs in 2019. This amount is nearly equal to the bounty totals hackers received for all preceding years combined.


In “Hacker-Powered Security Report 2019,” HackerOne revealed that the number of these hacker-powered security initiatives had grown by at least 30% in each of the regions surveyed. Latin America led the way with a year-over-year growth rate of 41%. It was followed by North America, Europe, and the Middle East and Africa region, at 34%, 32% and 30%, respectively.


Clearly, more organizations are rewarding their hackers with larger bug bounty amounts than ever before. But to what extent are organizations benefiting from these payouts? And, are these programs actually worth the effort?


What Is a Bug Bounty Program?


A bug bounty program is an initiative through which an organization sanctions security researchers to search for vulnerabilities and other weaknesses on its public-facing digital systems. Some of these programs are private insofar as security researchers must receive an invitation in order to participate. Other initiatives are public frameworks where anyone can apply.


Bug bounty programs work by organizations laying out a set of terms and conditions for eligible offensive security testers. These rules specify which domains and services sit within the scope of the program. The rules also explain the types of security issues for which an organization is willing to offer a rewa ..