According to Sridhar and Ng, bug bounty policies are initiatives where gig economy security researchers are paid for exposing and explaining vulnerabilities in organization code bases (p. 1). The bug bounty business is expanding rapidly; some bounties have even reached up to one hundred million dollars. Even though this is a growing business, some organizations are still skeptical about whether the benefit is worth the cost.
An interesting takeaway I took from the article “Hacking for good: Leveraging HackerOne data to develop an economic model of Bug Bounties” is that small to medium-sized organizations are not able to compete in recruiting the right individuals to work for them, so they look toward freelancing. There is also a major cybersecurity shortage, which aids in leading organizations to choose freelancers. Hiring freelancers gives smaller organizations a fighting chance against breaches. Freelancing is an excellent choice for those with the entrepreneurial discipline and mindset. Personally, I need the structure of routine and knowing my day to day. However, the median payout being eight hundred dollars per bounty is quite enticing.
I was surprised to learn that hackers are not primarily motivated by monetary gain. Even though bounties can reach the hundred million, hackers are largely motivated by wanting to gain experience, build reputation, altruistic reasons, or exposure. These motivators aid in enabling the practice of bug bounty policies to be effectively used for organizations of varied sizes and prominence.