Managed crowdsourcing for vulnerability assessments
Conclusion: Third party bug bounty programs can be an effective way of incentivising security researchers around the world to share a discovered vulnerability. Third party bug bounty programs are invaluable as they help provide a structure for responsible disclosure and minimise the opportunity for the vulnerability to be exploited. When a bug bounty company uses crowdsourcing of security researchers, it adds the gamefied imperative for the researchers to report quickly in order to get the bounty before their peers. Engaging with a crowdsourcing bug bounty company not only demonstrates a reasonable security measure, it also helps close the window of opportunity for criminals.
About The Advisor
James Turner is an IBRS emeritus Advisor who specialised in cyber security and risk and facilitates the CIO Cyber and Risk Network on behalf of IBRS. James has over a decade of experience as an industry analyst and advisor; researching the cyber security industry in Australia. As an IBRS Advisor, James authored over 100 IBRS Advisory papers, led dozens of executive roundtables, and presented at numerous conferences.