Bug bounty programs have experienced immense success over the years, and they can also be credited as initiatives that promote security. For years hackers have been typecast as nefarious individuals who primarily work toward causing havoc and stealing sensitive information, while not much light was shed on the other side of the coin.
Bug bounties have ultimately educated people that hackers can also be seen as the digital equivalent of a locksmith. Sure, they may have “criminal skills,” but they don’t have any intent to cause harm and only want to do good, according to Casey Ellis, founder of Bugcrowd. But the evolution of bug bounty programs has gone much further than changing the perception of what a hacker is. They have also established themselves as proven feedback loops for organizations that want to find and address vulnerabilities, in addition to educating engineering teams on how to prevent them in the first place.
“As a result [of bug bounty programs] we’re addressing a cybersecurity skills shortage, we’re addressing the fact that vulnerabilities are everywhere…and we’re addressing the fact that if you have those types of vulnerabilities in your system that bad things do happen,” Ellis told InfoSec Insider during a video interview.
In the full video interview below, Ellis discusses the evolution of bug bounty programs and their impact on information security, in addition to providing tips on the key areas to focus on when it comes to developing a bug bounty program at your organization.