Bug bounties are programs offered by many websites, organizations, and software developers through which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to security exploits and vulnerabilities. The article stated that "many firms are skeptical about receiving reports of cybersecurity vulnerabilities from third-party researcher." I understand the organizations not wanting a third party to research their vulnerabilities. The other option is to have an official pentesting firm work with the organization, with both sides having their legal departments involved. There are pros and cons to both bug bounty and pentesting. Bug bounty is a popular option since there is a worldwide shortage of 4 million cybersecurity professionals.






