Home / Companies / Bugcrowd / Blog / April 2018

April 2018 Summaries

1 posts from Bugcrowd

Filter
Month: Year:
Post Summaries Back to Blog
Bug bounty programs have reached an all-time high, but misconceptions about their nature and benefits persist. One common myth is that all bug bounties are public, inviting anyone to test applications. In reality, most bug bounty programs are private, invite-only, offering organizations a controlled environment to utilize the power of crowdsourced testing. Private programs provide a curated crowd, access to harder-to-test applications, and focused testing on specific attack surfaces. Researchers can sign up to participate in public programs and gain access to private ones through vetting and measurement criteria, such as activity, quality, impact, and trustworthiness. Companies like Western Union, Okta, and Fitbit have successfully run both public and private bug bounty programs, highlighting the flexibility of this approach. By understanding the differences between public and private bug bounties, organizations can make informed decisions about their security strategy.
Apr 27, 2018 809 words in the original blog post.