Already an attractive option for a variety of consumer applications, crowd sourcing is now catching on in the corporate world. One emerging area of crowd sourcing is bug bounty programs. These are rewards offered by organizations to security researchers or whitehat hackers, who receive recognition and financial compensation for finding and reporting bugs, exploits and vulnerabilities in the organizations’ websites and applications. As a technology company or security professional, it’s easy to see the attraction of running bug bounty programs. But these programs are not without risk, and timing can be a critical factor. Unless they are managed carefully, bug… [Continue Reading]