reddit hackernews mail facebook facebook linkedin

Bug Bounty Programs

With the evolution of cybercrime this last years, security is became an important budget in large companies. For instance, Facebook has created a dedicated platform for security reseacher and frequently reward them ($1.3 million spent in 2014).

Ebay, Airbnb, Yahoo, Snapchat, Wordpress, all of these companies are now aware about security and all of them have subscribed a bug bounty program.  Even mobile plateform as Android and IOS apps are recently focused by the giant Google.

Do you think you are safe because you are not one of those giant ? Wrong, everyone has to feel concerned, from big companies to small business, hackers are everywhere. Even a small blog can be targeted, even if you haven’t dozen of datas, credit card or money, your site can be used to perform anonymous attacks, your server can host dangerous files or whatever…

Don’t be shy and subscribe ! Everyone can create his own bug bounty program on specific sites like HackerOne or Bugcrowd, you simply need to define the perimeter of the tests, allowed attacks and elligible vulnerabilities.  Depending of your current security level, the researchers can contact you very quickly.  From kudos to thousands dollars, rewards varies depending of the type of the vulnerabilitie found, the impact it can have (on you, your clients and visitors) and your founds…

With that kind of solution your platform will be better day by day, improving her quality and security. Of course that does not mean that you don’t need to work by yourself on your own project. Code review and tests must be still performed.