February 3rd, 2015
Companies release new software and products to corporate users and consumers, hoping final product releases are stable and free of bugs.
But it’s much easier said than done to release a secure and polished product. While companies try to work diligently to prevent vulnerabilities, they can only be partly successful with sometimes limited organizational capability by their respective internal teams.
That’s where bug bounty programs come in.
During a recent Open Web Application Security Project (OWASP) conference, a hosted bug bounty contest found more than 80 vulnerabilities for the companies that participated. These types of contests and hosted programs are becoming more popular, taking place at other major computer and technology conferences across the United States.
Once discovered by third-party coders, companies move rapidly to analyze reports and fix legitimate vulnerabilities before they can be exploited.