Get ahead of the hack: How to put bug bounties to work
Running a bug-bounty program these days marks a departure from a decade ago, when researchers had to worry that, if they reported a bug, they could open themselves up to civil lawsuits or criminal prosecution. In fact, the trajectory of profiting from vulnerability research has followed the path of digital music, said Dan Cornell, CTO for the Denim Group, a software security consultancy.
“They took a weird marketplace with messed-up economic incentives and said that this might not be ideal, but here is a structured way of doing this that makes sense for everyone,” Cornell said. “And that was all that the market needed to stabilize and make a lot of sense.”
About Denim Group
Denim Group is the leading secure software development firm, serving as a trusted advisor to customers on matters of software risk and security. The company builds software for the most security conscious while helping organizations assess and mitigate risk within their existing software. Denim Group's flagship ThreadFix product accelerates the process of software vulnerability remediation, reflecting the company's rich understanding of what it takes to fix application vulnerabilities faster. Denim Group has emerged as a strong contributor to the larger application security community and has actively participated in the Open Web Application Security Project (OWASP) since shortly after its inception.
Among many other awards, Denim Group has landed on the "Inc. 5000" list - which recognizes the country's 5000 fastest-growing private companies - for five years in a row. In addition, the San Antonio Business Journal named Denim Group as one of the "Best Places to Work" in the city.
Denim Group is a registered service mark of Denim Group, Ltd.
Other names and brands may be claimed as the property of others.