Attracting the Hacker—Bug Bounties and Coordinated Vulnerability Disclosures

In the past, IT was driving the tools for the business. Today, “the IT” no longer exists. Tools are selected and implemented by business users. The main driver is digital transformation—supported by widespread, cheap and ubiquitous technology. At the same time traditional security also is being “digitally transformed” as these new landscapes also expand cyberspace attack surfaces.

Ideally, companies have a well-established cyber defense; in reality, they are often reactive, slow and provide limited visibility of the attack surface, allowing hackers to be that one step ahead. That’s why companies should turn the tables and pay these hackers to challenge the security surrounding products and services. A bug bounty program supports this by opening a path for them to legally monetize their findings.