- Best Prime Day Nintendo deals to shop in October 2024
- Best Prime Day TV deals to shop in October 2024: Save up to $2,000
- the Onson 2-in-1 robot vacuum is almost 70% off in this Walmart anti-Prime Day deal
- Save $600 on this 85-inch TCL TV at Amazon during October Prime Day
- Best Prime Day gaming deals to shop in October 2024
#IMOS21: Six Components of a Bug Bounty Program
Speaking at the Spring Infosecurity Magazine Online Summit, Sean Poris, director, product security at Verizon Media, explored how to run a bug bounty program, outlining the six components of a successful big bounty structure.
Poris explained that, by investing in bug bounties, organizations are potentially tapping into “hundreds of thousands of global hackers” that think about software and vulnerabilities in ways that internal staff might not.
He also said that knowing and understanding your objectives is key when it comes to running a bug bounty program, so organizations must have clear focus on “what they are trying to accomplish in standing up the program.” This should also include taking time to consider “what researchers will want from your program” and how you can work alongside them, along with the long-term goal of your program.
Once those aspects are established, Poris said there are six components to ensuring ongoing bug bounty success for an organization.
These six components are:
- Scope: what’s in, what’s out?
- Platform: report intake and communications
- Talent: hackers and teams
- Financials: budget, forecast and payments
- Operations: process, consistency and oversight (metrics)
- Policy: rules of the road, safe harbor and compliance
Ultimately, “a bug bounty program is a crowdsourcing initiative that rewards individuals for discovering and reporting software bugs,” and by taking a considered, federation-like approach, organizations can make a success of their bug bounty journeys.