Bug bounties have become a big part of the strategy for companies to get security researchers on their side. While there are many bugs out there that fetch a higher price in the shady back channels than the bug bounties, at least the researchers are awarded something for responsibly disclosing the vulnerability to the company. Pwn2Own is one event we have seen is centered around exploiting software and notifying the developers.
This infographic is titled ‘Can bug hunters keep the Internet safe?’. It summarizes which companies have bug bounty programs, which don’t, top flaws found, and creating a security program for an application.
(Credit: Veracode)