The bug bounty market has some flaws of its own
In the wake of Microsoft’s announcement of a $250,000 reward for new hardware vulnerabilities, there’s growing concern that inflated bounties might be creating perverse incentives for young cybersecurity researchers and distorting the market for white-hat bug hunters. “If you can make considerably more money hunting bugs, there will be nobody left to fix them,” tweeted Katie Moussouris, a security researcher who created the first Microsoft program that rewarded those who reported vulnerabilities. “Those who do the hard work of code maintenance in corporations, dealing w [office] politics for a salary that’s ~1 bounty are 1 bad meeting away from rage quitting to hunt bugs full time,” the tweet concluded. “Motivations vary among hackers … but most are driven by some combination of three factors,” she told CyberScoop: financial compensation, peer recognition and “the pursuit of intellectual happiness — loving what you do.” Moussouris would know. In addition to her practical […]
The post The bug bounty market has some flaws of its own appeared first on Cyberscoop.