Menu

Atualmente o conteúdo do nosso radar interativo está disponível apenas em inglês. Para visualizar o radar no seu idioma, faça download do PDF aqui.

Técnicas

Bug bounties

NOT ON THE CURRENT EDITION
This blip is not on the current edition of the radar. If it was on one of the last few editions it is likely that it is still relevant. If the blip is older it might no longer be relevant and our assessment might be different today. Unfortunately, we simply don't have the bandwidth to continuously review blips from previous editions of the radarUnderstand more
Nov 2016
trial?

The use of bug bounties continues to grow in popularity for many organizations, including enterprises and notable government bodies. A bug-bounty program encourages participants to identify potentially damaging vulnerabilities in return for reward or recognition. Companies like HackerOne and Bugcrowd offer services to help organizations manage this process more easily, and we're seeing these services gather adoption.

Apr 2016
trial?
Nov 2015
assess?

More and more organizations are starting to use bug bounties to encourage reporting of what are often security-related bugs, and in general help improve the quality of their software. To support these programs, companies like HackerOne and BugCrowd can help organizations manage this process more easily. We have limited experience with these offerings ourselves, but we like the idea of encouraging people to help come forward and highlight what can often be damaging vulnerabilities in an open and transparent way. It's worth noting that there might be some legal issues with encouraging users to find vulnerabilities in your software, so please do check that out first.