LinuxQuestions.org


win32sux 01-15-2011 09:13 PM

Bug Bounties: It’s a matter of business risk
 
Quote:

Controversy has sprung up around the concept of bug bounties recently. This most notably occurred when Barracuda Networks announced their Bug Bounty program. They joined the ranks of companies like Google and Mozilla. This practice involves the offering of monetary rewards to security researchers who privately disclose vulnerabilities back to the vendor.

The researcher is paid according to the severity of the security vulnerability disclosed. There seems to be some contention that, while this was okay for Google and Mozilla, a security vendor such as Barracuda has no business doing such a thing. Rather than steep ourselves in that controversy, let us take a look at the practice of the Bug Bounty itself.
Complete Article


All times are GMT -5.