Analyzing Bug Bounties

In a given article, data was collected from a database from HackerOne, a program management platform. Information was collected from bug bounty programs that met certain criteria. The criteria were that the program started out as private, started no later than May 2019, subscribed to HackerOne program management, and offered cash bounties to hackers.

There were two findings that I believe were of note. The first was that bug bounties are effective tools for companies, even those that range in size and level of development. The other was that there was very little information actually present about the bug bounty market. I feel that the fact that this article had a finding that explicitly stated that little was known about bug bounties is very telling about the state of the programs that offer these bounties. I think that they offer a great way for ethical hackers to make a living while companies can have a better understanding of their cybersecurity vulnerabilities. Of course, some policies surrounding these organizations need to be established, such as policies dictating where these offers can be posted, along with eligibility requirements and prohibitions set.
