January 24, 2021
Hot Topics:

Researchers: Bug Bounties Don't Work

  • By Developer.com Staff

New research conducted by the Massachusetts Institute of Technology (MIT), Harvard University, Facebook and Hacker One finds that offering a bug bounty isn't the most effective way to increase the security of software. According to the researchers, offering money in exchange for information about vulnerabilities only helps to eliminate the "low-hanging fruit," the bugs that were easy to find.

Instead, the report says that developers should pay researchers to develop tools that can spot bugs, which is a more cost effective strategy for improving security in the long run. The report added that it is particularly difficult to counteract the efforts of organizations like national intelligence agencies that have a lot of funding and interest in finding vulnerabilities.

View article

This article was originally published on April 21, 2015

Enterprise Development Update

Don't miss an article. Subscribe to our newsletter below.

Thanks for your registration, follow us on our social networks to keep up-to-date