- Finally, a smart air purifier that effectively replaces allergy medicine for me
- El Hospital Sant Joan de Déu mejora la atención al paciente a través de un nuevo modelo de gestión de datos
- Should you buy a cheap robot vacuum? This $400 model proves it might even be a great idea
- Samsung appliances are about to get smarter and wiser - thanks to AI
- Your Google Pixel 9 is getting a significant audio upgrade - and it's coming for free
#IMOS21: Six Components of a Bug Bounty Program
Speaking at the Spring Infosecurity Magazine Online Summit, Sean Poris, director, product security at Verizon Media, explored how to run a bug bounty program, outlining the six components of a successful big bounty structure.
Poris explained that, by investing in bug bounties, organizations are potentially tapping into “hundreds of thousands of global hackers” that think about software and vulnerabilities in ways that internal staff might not.
He also said that knowing and understanding your objectives is key when it comes to running a bug bounty program, so organizations must have clear focus on “what they are trying to accomplish in standing up the program.” This should also include taking time to consider “what researchers will want from your program” and how you can work alongside them, along with the long-term goal of your program.
Once those aspects are established, Poris said there are six components to ensuring ongoing bug bounty success for an organization.
These six components are:
- Scope: what’s in, what’s out?
- Platform: report intake and communications
- Talent: hackers and teams
- Financials: budget, forecast and payments
- Operations: process, consistency and oversight (metrics)
- Policy: rules of the road, safe harbor and compliance
Ultimately, “a bug bounty program is a crowdsourcing initiative that rewards individuals for discovering and reporting software bugs,” and by taking a considered, federation-like approach, organizations can make a success of their bug bounty journeys.
