Enterprise-sponsored bug bounties continue to grow in popularity. With that growth have come debates about the best ways to manage the risks involved with paying unknown researchers and hackers to find vulnerabilities.
Some companies have adopted invitation-only bug bounties, which lead to a higher percentage of quality submissions than public crowdsourcing programs do. Other enterprises, especially those in the technology field, are ramping up their bug bounty programs and offering community researchers a clear path for reporting vulnerabilities and potential fixes.
Read the full article on SearchSecurity.