Reaping The Spoils
Vendors across the cybersecurity and IT landscape have in recent years embraced bug bounty programs, which compensate outsiders for uncovering and reporting flaws in their hardware, software or applications.
Some 15 technology vendors selling through the channel operate at least one public bug bounty program, according to CRN USA research, with Google running four and Microsoft running eight. Eleven of those vendors operate a digital 'hall of fame' to recognise security researchers for their findings, while two suppliers also provide hackers with goodies such as t-shirts for finding a bug.
Eight of the vendors run their own bug bounty program, with six companies managing their programs using Bugcrowd and one company using HackerOne.
Bugcrowd and HackerOne provide organisations with a SaaS platform and access to the security researchers necessary for running a successful bug bounty program.
Here's a look at how much the 25 programs compensate security researchers for their findings.