Bug Bounty Programs Becoming Best Practice
Bug bounty programs have increased in popularity among mainstream enterprises and are turning into an industry best practice, Bugcrowd report says.
Recent research shows bug bounty programs are implemented not only by technical companies, as over 25% of the 286 programs are run by financial and banking companies. The large tech corporations who created the market for bug bounty programs have so far spent over $13 million on their programs in 2016.
According to the report, which was compiled from data collected from Bugcrowd's platform and other sources throughout 2016, “the all-time average bug reward on Bugcrowd's platform has risen from $200.81 in our first annual report, to $294.70, an increase of 47%.”
Although bug bounty programs trace their origins to Netscape over 20 years ago, only now are they turning into a best practice. Companies are aware that changes are needed in how Internet use and its security are approached, so they should assess their vulnerabilities to improve the safety of their products and services, researchers say.
“The majority of today's bug bounty programs are scoped to web and mobile application targets, although there are several high profile examples of programs run on IoT devices and cars, such as Tesla Motors' program and General Motors' program,” Bugcrowd analysts said. “Other bounties focus on traditional, installable software, including Microsoft's Bug Bounty program and Google's Vulnerability Reward Program (VRP).”
Cross-site Scripting (XSS) represents 66% of reported vulnerabilities, followed by Cross-site Request Forgery. Some 38% of submissions apply to the XSS, CSRF, mobile, SQLi and clickjack categories.
“2015 was the year companies realized that, when it comes to cybersecurity, the pain of staying the same is exceeding the pain of change,” said Casey Ellis, CEO and founder of Bugcrowd. “This tip is causing companies to realize that the only way to compete with an army of adversaries is with an army of allies. Even the most risk-averse industries are embracing, and successfully implementing, crowdsourced cybersecurity programs. This growth validates today’s reality: distributed resourcing approaches like bug bounty programs are the best tools to create parity with the adversary.”