How (and why) to launch a bug bounty program

Bug bounty programs are a cost-efficient way to fortify your systems. Here’s how GitHub launched its program, plus tips to get started.

While bug bounty hunters can make good money — with top hackers raking in $250,000 a year, says Alex Rice, CTO and cofounder of bug bounty platform HackerOne — the value to businesses is big, too.

“Companies need to understand that they have vulnerabilities, whether they want to believe it or not,” Rice says. “You want to ensure that at the end of the day, your customers have confidence in your product, which starts with hearing about these vulnerabilities in a controlled manner.”

Bug bounty programs are not just for big companies — small and midsize businesses can scale the bug bounty program model, which is often a cost-effective way for companies to fortify their systems, Bryson says.

“Consultants are really expensive, and the reality is that most companies can’t afford that,” he says. “Bug bounty programs are one of the best ways for organizations of any size to hire guys like me and get value for cents on the dollar.”

Here’s a look at how software development and code-sharing site GitHub got started with its bug bounty program, plus tips for businesses on starting their own.
