Will bug-bounty-as-a-service firms like HackerOne and Bugcrowd continue to grow and flourish, or are their customers going to eventually move to bring the service in-house? #cybersecurity #security
The competition is not in-house penetration testers. Management often prefers to avoid the recurring cost of internal headcount. It’s more common to contract a penetration testing firm like Rapid7, NCC Group, or one of the smaller boutique shops to fill in gaps in the bounty program findings.
The future is bright. Apart from regular bugs, companies use bug bounties for "Responsible Disclosure". Although, it's a crowded market for the researcher.
HackerOne and Bugcrowd payouts are peanuts. Check out Zerodium.
Just checked: HackerOne payouts for “Critical” vulns are 10-15k... It takes many, many, many hours to find exploitable vulnerabilities in high-value targets like Chrome or Windows. At 10-15K you might as well work for free.
HackerOne/Bugcrowd is more for web service vulns; Zerodium, etc. for OS/server vulns. In general, in bug bounty it's good to have an intermediary rather than direct interactions. It's really a frustrating business.
hello I'm a noob
The platforms will be around for a while, but it has gotten extremely competitive. Plus, many hunters are frustrated due to very high duplicate reports. There is still scope, but the space is too crowded to make a dent.