NewsResearchers: Bug Bounties Don't Work

Researchers: Bug Bounties Don’t Work

Developer.com content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

New research conducted by the Massachusetts Institute of Technology (MIT), Harvard University, Facebook and Hacker One finds that offering a bug bounty isn’t the most effective way to increase the security of software. According to the researchers, offering money in exchange for information about vulnerabilities only helps to eliminate the “low-hanging fruit,” the bugs that were easy to find.

Instead, the report says that developers should pay researchers to develop tools that can spot bugs, which is a more cost effective strategy for improving security in the long run. The report added that it is particularly difficult to counteract the efforts of organizations like national intelligence agencies that have a lot of funding and interest in finding vulnerabilities.

View article

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends & analysis

Latest Posts

Related Stories