Bug Bounties and Crowd Sourcing Security

Clare Brown
Sep 7, 2018 · 2 min read

Bug Bounties. Maybe you’ve heard of them, maybe you haven’t. If you haven’t, don’t worry — this post will explain everything. At yesterday’s #IDGTECHtalk Twitter chat we discussed the role bug bounties can play in securing the enterprise. We heard from CSOs and security experts who have dabbled in bug bounty hunting themselves.

Here’s what we learned:

But first, what in the world is a bug bounty?

Bug bounties are essentially crowdsourced security protection. Bug bounty hunters are white-hat hackers who are paid a fee for discovering security vulnerabilities in a system and reporting them to its owner.

Bug Bounties seem to be reserved for larger corporations

When we asked if our experts were currently using bug bounties, the majority of them answered no. We later learned that bug bounties require a lot of time and money, so smaller organizations might not use them as frequently. However, organizations like Google or Facebook, which have the resources to manage the white-hat hackers and pay them handsomely, might adopt a bug bounty program more readily.

Trust is an issue

Another huge point that was raised is whether or not bug bounty hunters can be trusted. How do we know if these hackers are really white hat? It is very easy for someone to discover a bug in your system and use that knowledge against you to get more money. That is why organizations need very clear language, formal contracts and NDAs in place before any bug bounty program can begin.

Some experts propose flat fees

Some of our experts proposed a flat fee payment strategy for reported vulnerabilities. This could help lessen the occurrence of extortion and level the playing field for hackers a bit.

Bug Bounties involve a lot of risk, but they can also be really beneficial

Crowdsourcing the discovery of your security vulnerabilities can be a really effective way for organizations to find weaknesses in their infrastructure, apps, or products, but the cost and risk will always be there, and both have to be taken into consideration.


Big thanks to everyone who attended this enlightening chat, and a huge thank you to George Gerchow for leading the discussion. If you are interested in joining an #IDGTECHtalk, they occur every Thursday at 12pm ET on Twitter. Please join us!

IDG TechTalk

The #1 tech publisher. We report the hottest tech trends from leading experts & the biggest brands. Join us every Thursday, 12pm ET, for the #idgtechtalk chat.
