Combating cybercriminals with bug bounty platforms

Demand for cybersecurity has grown into a USD 96 billion industry, and cybercrime costs have risen to an estimated USD 600 billion annually. One innovative solution to combat cybercriminals and protect businesses is bug bounty platforms. Bug bounty platforms are large communities of “white hackers” (those who test software for security vulnerabilities in exchange for monetary compensation) that also maintain their own in-house team of cybersecurity experts. In short, “white hackers” report vulnerabilities to these experts, who then verify them and send a bug report describing the vulnerabilities as well as ways to correct them. Bug bounty platforms offer three main advantages over traditional cybersecurity companies:

  • Access to human capital – standard cybersecurity services have 5-20 employees test software; bug bounty platforms can have hundreds or thousands of specialists in various fields test software.
  • Testing time – penetration tests typically last for a month or two. Bug bounty platform tests can last for months or even years, allowing more vulnerabilities to be found and corrected.
  • Reward system – a standard cybersecurity service company is rewarded for the process (i.e., the penetration test), whereas bug bounty platforms reward “white hackers” for confirmed bugs found. In other words, the reward system is focused on the number of vulnerabilities and not the process itself.