November 19, 2018
Researchers: Bug Bounties Don't Work

  • April 21, 2015
  • By Developer.com Staff

New research conducted by the Massachusetts Institute of Technology (MIT), Harvard University, Facebook and HackerOne finds that offering a bug bounty isn't the most effective way to increase the security of software. According to the researchers, offering money in exchange for information about vulnerabilities only helps to eliminate the "low-hanging fruit," the bugs that were easy to find.

Instead, the report says that developers should pay researchers to develop tools that can spot bugs, which is a more cost-effective strategy for improving security in the long run. The report added that it is particularly difficult to counteract the efforts of organizations like national intelligence agencies that have a lot of funding and interest in finding vulnerabilities.
