Since the launch of the Hack the Pentagon program in 2016, bug bounty programs continue to increase in popularity – however, as more programs are created, some companies are forgetting the real reason behind bug bounties. Instead of aiming to make their systems more secure, companies are viewing bug bounty programs as a “one size fits all” solution for their business. Katie Moussouris, founder and CEO of Luta Security, said this is a big issue in the current industry.
“There’s kind of an inherent conflict of interest with a lot of the current bug bounty service providers, where they only have that one thing that they’re offering you, so they need for you to think it’s a really good value and a good value at any stage of your maturity, which is not always the case,” she said.
In this week’s Threatpost Podcast, Moussouris talks about the challenges in developing bug bounty programs that actually work.