Jul 20, 2017 · 1 min read
Hi Kevin — thanks for the write-up it’s great. Do you mind sharing how much you spend on bounties in total on the program? Also, would it be correct that out of 200 reports you paid bounties to 80 of them (e.g. for 120 other reports you decided not to pay a bounty)? We are working on ROI calculations across different crowdsourced appsec approaches and I’ll like to include your data there. Cheers.
