Why Offering Bug Bounties Will Be Widespread, Even in Government


With the worldwide shortage in cybersecurity professionals, more public and private sector organizations are turning to new ways to find and fix security vulnerabilities in their systems and networks. One growing trend: Inviting global hackers (sometimes called “white hat” hackers) to report security holes to you — and rewarding those hackers for doing so.

For more background on this topic, I’ve introduced this coordinated vulnerability disclosure program trend in another blog last year. After events so far in 2017, I’ve become even more convinced that state and local governments need to start building bug bounty programs. Also, state and local governments can learn from federal government and private-sector experiences on this important topic.

During the first half of this year, technology media coverage of bug bounty programs has increased substantially. Here are a few 2017 examples to consider:

— Federal Computer Week (FCW): Why bug bounties are worth the risk
— TechCrunch: Air Force launches bug bounty program
— InfoSecurity Magazine: US Bug Bounty Programs Here to Stay Under Trump Administration
— Federal News Radio: Lessons learned from DoD’s bug bounty program

An Exclusive Interview with HackerOne CEO Marten Mickos

To dig deeper on this topic,…

Read more here: Why Offering Bug Bounties Will Be Widespread, Even in Government
