Bug Bounty Startups Are Taking Over
Bug bounty is an award that encourages white hat hackers to detect bugs in a company’s code. Bug bounty has been around since 1995 with Netscape’s browser. Today big companies such as AT&T, Yahoo, Facebook, Etsy, etc. all offer bug bounty awards for people who can find a bug in their system’s codes. Bug bounties help motivate hackers to disclose bugs responsibly rather than sell security holes on the black market. Many startups have been created because of these rewards.
Bug Bounty Program
Big companies claim that they get over 16,000 submits from bug bounties yearly. Facebook claims that their security engineers review every single one of the submissions. For the average person, that can be a lot of hard work going through tons and tons of submissions everyday. To fix this problem, a new startup named BugCrowd will help you manage all the necessary grunt work. BugCrowd will go through the submissions for your company saving you a lot of work. BugCrowd is essentially a crowdsource cybersecurity startup. The whole process is simple and you can sign up to be either a tester or create a bug bounty.
How much do companies pay for bug bounty?
The reward for a bug bounty can vary depending on the bug and also depends on the companies pay out policy. A notable case is when a computer security expert ,Reginald Silva ,found a security hole in Facebook’s servers, he quickly let the company know. And Facebook paid him 33,350 as a bug bounty reward. Startups like BugCrowd encourage people to test for bugs so that they can get paid for it. Bugcrowd will handle all the rewards for you as a tester. In his own blog post, Silva jokingly cited a Bloomberg story where Facebook security director Ryan McGeehan pledged that even “a million-dollar bug” would be paid for under the program.
Check out BugCrowd’s how it work here: