Bug bounty
One limitation of pen tests, and even of red teams, is that they depend on the skill set of those employed by the blue team. However, it is possible to enlist the help of the masses and so have the brightest minds out there test the security of systems. Such initiatives are called bug bounty programs.
A bug bounty system, also known as a vulnerability reward scheme, is a crowdsourcing project whose participants are eligible to receive incentives for discovering and reporting software flaws. Participants are given the opportunity to discover and ethically report software vulnerabilities. Bug reward programs are widely employed as a complement to internal code inspections and penetration testing, as one component of an organization’s vulnerability management approach.
Such programs are widely popular, especially with tech platforms. These schemes offer monetary awards to security...