A bug bounty program is among the most impactful additions to a software security process. With a bug bounty program, security researchers submit reports on potential vulnerabilities, typically with the promise of a reward or “bounty” for their efforts.
Not all bug bounty programs are created equal, however. There is a right way and a wrong way to solicit reports that will actually help an organization improve its security. Kymberlee Price, senior director of Researcher Operations at Bugcrowd, is well versed in the topic, as she helps keep multiple bug bounty programs and thousands of security researchers aligned.