Dive Brief:
- The first “State of Bug Bounty Report” by cybersecurity firm Bugcrowd found the use of bug bounties is growing among businesses.
- Researchers found a total of 729 high-priority vulnerabilities through “bug bounty” types of contests over the last 2.5 years; 175 of those were characterized as "critical."
- Bug bounties can save enterprises hundreds of thousands of dollars by detecting weaknesses before deployment, the study said.
Dive Insight:
As companies look to address evolving cybersecurity demands, bug bounties are giving them a new way to assess security risks. Companies have generally been wary of the process, which relies on hackers to find security vulnerabilities. But the study shows that more companies are beginning to take a stab at bug bounties, which may be increasingly attractive given the lack of cybersecurity talent currently available.
“2014 brought unprecedented participation in crowdsourced and static bug bounty programs, and 2015 will surely outpace this number,” the report said.
Bugcrowd’s research showed that companies including Western Union, Tesla Motors and United Airlines have all conducted bug bounty programs.
Casey Ellis, Bugcrowd’s CEO, called bug bounties “the rise of the geek economy for hackers” and “a more efficient way to connect supply and demand.”