Securing your Infrastructure using Crowdsourced Security

Shahmeer Amir
2 min read · Jan 28, 2023


Bug Bounty and Vulnerability Disclosure — What, Why, How

Top Bug Bounty Hunters — Shahmeer Amir

A bug bounty program incentivizes external third parties to find security vulnerabilities in a company’s software and report them directly to the company so they can be safely resolved. In return, the finders of the vulnerabilities are rewarded with monetary prizes.

Crowdsourced Models

A vulnerability disclosure program simply gives clear guidelines for how an organization would like to be notified of potential security vulnerabilities found by external third parties. It is intended to give finders directions on how and where to report a vulnerability so that the proper team can address it.

Public vs Invite only

Components of a Bug Bounty program

A responsible disclosure policy

A scope for researchers

A dedicated medium for reporting bugs

A ticketing system
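Two of these components, the disclosure policy and the dedicated reporting medium, are commonly published through a security.txt file (RFC 9116) served at /.well-known/security.txt. The following example, added here and not part of the original post, builds such a file and validates the properties a defender should check before publishing it: the required Contact and Expires fields are present, Contact values are URIs, and the file has not silently expired. All contact addresses and policy URLs are constructed placeholders.

```python
"""Build and validate an RFC 9116 security.txt, the standard way to publish
a vulnerability disclosure program's reporting channel and policy.
Added example; the organisation's real values are assumptions to fill in."""
from datetime import datetime, timedelta, timezone

ISO_UTC = "%Y-%m-%dT%H:%M:%SZ"


def build_security_txt(contact, policy_url, expires, acknowledgments=None,
                       languages=("en",)):
    """Render a minimal security.txt. `contact` must be a URI (mailto:, https:, tel:)."""
    lines = [
        f"Contact: {contact}",
        f"Expires: {expires.strftime(ISO_UTC)}",
        f"Policy: {policy_url}",
        f"Preferred-Languages: {', '.join(languages)}",
    ]
    if acknowledgments:
        lines.append(f"Acknowledgments: {acknowledgments}")
    return "\n".join(lines) + "\n"


def parse_security_txt(text):
    """Parse 'Field: value' lines into {lowercased field: [values]}; comments start with '#'."""
    fields = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, value = line.partition(":")
        if not sep:
            continue
        fields.setdefault(name.strip().lower(), []).append(value.strip())
    return fields


def validate_security_txt(text, now=None):
    """Return a list of problems (empty list means the file passes the checks)."""
    now = now or datetime.now(timezone.utc)
    fields = parse_security_txt(text)
    problems = []

    # Contact is mandatory and must be a URI, otherwise researchers have no channel.
    contacts = fields.get("contact", [])
    if not contacts:
        problems.append("missing required Contact field")
    for value in contacts:
        if not value.startswith(("mailto:", "https://", "tel:")):
            problems.append(f"Contact value should be a URI, got {value!r}")

    # Expires is mandatory, must appear once, and should be under a year out.
    expires = fields.get("expires", [])
    if not expires:
        problems.append("missing required Expires field")
    elif len(expires) > 1:
        problems.append("Expires must appear exactly once")
    else:
        try:
            exp = datetime.strptime(expires[0], ISO_UTC).replace(tzinfo=timezone.utc)
        except ValueError:
            problems.append("Expires is not an ISO 8601 UTC timestamp")
        else:
            if exp <= now:
                problems.append("security.txt has expired; researchers may distrust it")
            elif exp - now > timedelta(days=365):
                problems.append("Expires is more than a year out (RFC 9116 recommends under one year)")
    return problems


if __name__ == "__main__":
    today = datetime.now(timezone.utc)
    # Constructed placeholder values; replace with the real program's channel and policy.
    text = build_security_txt("mailto:security@example.com",
                              "https://example.com/vulnerability-disclosure-policy",
                              today + timedelta(days=180),
                              acknowledgments="https://example.com/hall-of-fame")
    print(text)
    print("problems:", validate_security_txt(text, now=today) or "none")
```

Keeping Expires short (and re-validating it on a schedule) matters: an expired file is treated as untrustworthy by researchers and scanners, which quietly breaks the reporting channel the program depends on.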

Bird’s eye view of Crowdsourced Cyber Security

Not just tech companies: the wider corporate sector is also starting to take bug bounties seriously.

The finance and banking industry tends to run private programs.

The sad part, however, is that 94 percent of companies on the Forbes 2000 list do not currently have a vulnerability disclosure or bug bounty program.

Bug Bounty Programs Usage graphs

Overall, organizations from more ‘traditional’ industries have seen year-over-year growth of over 217 percent on average, including Financial Services and Banking, Automotive, Healthcare, Education, Telecommunications, Hospitality, Real Estate, Utilities and Consumer Goods.

BUG BOUNTY VS. PENETRATION TESTING — KEY DIFFERENCES

Bug Bounty Hunting vs Penetration Testing


Shahmeer Amir is an ethical hacker, a cyber security researcher, and a bug bounty hunter from Pakistan.