Vetting researchers builds trust in bounty programs

Though companies like Google and Facebook have used bounty reward programs for a while, organizations outside of the technology industry can also benefit from participating in bounty programs.


Conservative enterprises have been tentative about joining forces with hackers, but third-party bug bounty platforms have proven that their vetting process ensures a highly qualified and trustworthy talent pool. Because security researchers are able to discover vulnerabilities and alert enterprises to flaws in applications before a breach, there is value in trusting ethical hackers.

Bugcrowd’s recent State of Bug Bounty report noted that many bug bounty programs are commonly run on third-party platforms that “manage the operational end of the programs, bringing the research community together and handling the payment process, opening up the opportunity for more companies to successfully run bug bounty programs.”

While companies from Facebook and Google to Tesla and United Airlines have popularized bounty reward programs, more conservative enterprises outside of the technology industry, such as larger financial services and healthcare organizations, have not been as comfortable taking the leap of faith that the benefits of bounty programs outweigh the risks. This tentative response across industries outside of tech has led to the rise of private or invitation-only programs.
