What Is a Bug Bounty Program and Why Every Organization Needs One?

Shasanka Sahu
Aug 8, 2017 · 2 min read

A bug bounty program, also known as a Vulnerability Rewards Program (VRP), is a crowdsourced initiative that rewards security researchers for discovering and reporting software bugs. The program aims to supplement your existing internal code audits and penetration testing as part of the organization’s vulnerability management strategy.

A bug bounty program should be part of every organization’s penetration testing plan. It gives the organization an opportunity to engage with a diverse, worldwide pool of ethical talent who want to help it build secure applications in return for rewards and recognition.

Leading organizations such as Facebook, Google, Twitter, Uber, and many more run their own bug bounty programs. In 2016, Google paid out $3 million. Facebook has paid as much as $33k for a single bug report. In 2016, Apple announced a reward of $200,000 for a flaw in the iOS secure boot firmware components and up to $50,000 for execution of arbitrary code with kernel privileges or unauthorized iCloud access.

A bug bounty program is suitable for organizations of all sizes. Here are a few reasons why every organization needs one:

1. Wanting to secure the application

Research says 80% of all web applications and mobile applications contain security loopholes. Most organizations don’t realize this, and they become vulnerable to cyberattacks. Cyberattacks lead to loss of reputation, brand equity, business continuity, revenue, and customer trust. Every organization should strive to avoid critical bugs in its applications.

2. Not having enough resources to manage a bug bounty program

Most organizations don’t have enough security researchers to launch and manage a bug bounty program or to have their applications tested against critical vulnerabilities. Bug bounty platforms provide access to talent and offer services such as bug triaging, bug report validation, and managing bounty setting and payments. Bounty programs take the hassle away so that organizations can concentrate on their core strengths.

3. Building a culture of security consciousness

The Safehats bug bounty program provides access to the Safehats community, where industry experts, security researchers, and technical vendors share their knowledge on enhancing security and becoming cyber resilient.

To know more about our programs, contact us at sales@instasafe.com
