Managed crowdsourcing for vulnerability assessments
Conclusion: Third party bug bounty programs can be an effective way of incentivising security researchers around the world to share a discovered vulnerability. Third party bug bounty programs are invaluable as they help provide a structure for responsible disclosure and minimise the opportunity for the vulnerability to be exploited. When a bug bounty company uses crowdsourcing of security researchers, it adds the gamefied imperative for the researchers to report quickly in order to get the bounty before their peers. Engaging with a crowdsourcing bug bounty company not only demonstrates a reasonable security measure, it also helps close the window of opportunity for criminals.