Response to article about Bug Bounty Programs.
This article describes a study into the economic viability of Bug Bounty Programs. Bug Bounty Programs pay individuals to conduct penetration testing services for companies. Rather than hiring a large firm on a long-term contract, these programs give companies access to individual hackers on a short-term basis to look for flaws in their infrastructure. The study reveals several interesting findings. One was that hackers are not only motivated by money. While there is an economic incentive for good work here, companies with limited resources were still able to access and use these services to their benefit. Another interesting finding is that the type of business didn’t play a major role in access to these services, but outcomes did vary depending on industry. The study emphasizes that until this point very little had been known about this market.
I find these programs to be an interesting continuation of the decentralizing trend that has been occurring across many sectors. Someone looking for lodging can now find an individual with an apartment on Airbnb. A large taxi service is no longer needed to get a ride somewhere thanks to Uber. Many websites offer freelance services for just about anything you can imagine. Bug Bounties seem like a logical step in that direction for the cybersecurity industry.