As informações desta página não estão completamente disponíveis no seu idioma de escolha. Esperamos disponibiliza-las integralmente em outros idiomas em breve. Para ter acesso às informações no idioma de sua preferência, faça o download do PDF aqui.


Bug bounties

This blip is not on the current edition of the Radar. If it was on one of the last few editions it is likely that it is still relevant. If the blip is older it might no longer be relevant and our assessment might be different today. Unfortunately, we simply don't have the bandwidth to continuously review blips from previous editions of the RadarUnderstand more
Published: Nov 10, 2015
Last Updated: Nov 07, 2016
Nov 2016

The use of bug bounties continues to grow in popularity for many organizations, including enterprises and notable government bodies. A bug-bounty program encourages participants to identify potentially damaging vulnerabilities in return for reward or recognition. Companies like HackerOne and Bugcrowd offer services to help organizations manage this process more easily, and we're seeing these services gather adoption.

Apr 2016
Nov 2015

More and more organizations are starting to use bug bounties to encourage reporting of what are often security-related bugs, and in general help improve the quality of their software. To support these programs, companies like HackerOne and BugCrowd can help organizations manage this process more easily. We have limited experience with these offerings ourselves, but we like the idea of encouraging people to help come forward and highlight what can often be damaging vulnerabilities in an open and transparent way. It's worth noting that there might be some legal issues with encouraging users to find vulnerabilities in your software, so please do check that out first.