
Grindr’s Bug Bounty Pledge Doesn’t Translate to Security
2020-10-06 19:44

Grindr isn't alone: many companies are looking to adopt, or have already adopted, bug-bounty programs or vulnerability-disclosure programs (VDPs).

It's important to distinguish the two: a bug-bounty program offers cash rewards for finding flaws, while a VDP sets out how a third party reports a vulnerability to an organization and how the organization handles that report.

Companies are rushing to adopt bug-bounty programs and VDPs without first working through the important issues, whether that's defining what's in scope, planning how the organization will handle an influx of reported vulnerabilities, or properly training triage teams.

After troves of security vulnerabilities were discovered in the online video conferencing platform, Zoom announced it would revamp its bug-bounty program with the help of Moussouris.

"People thinking VDP is a good first step for bug bounty programs have got it backwards," she said.


News URL

https://threatpost.com/grindrs-bug-bounty-pledge-security/159893/