Want to set up a successful bug bounty? Make sure you write it for the flaw finders and not the lawyers

2020-10-08 22:40

If you're designing a security bug bounty for your organization's products, by all means get the lawyers to take a look, but keep their hands off the keyboard.

Chloé Messdaghi, veep of strategy at infosec training firm Point3, said she's encountered bounty programs that look more like they're intended for the legal team than the security community.

"We come across bug bounty programs, and sometimes it is written by an attorney for an attorney to understand it."

Chris Wlaschin, veep of systems security at voting machine maker Election Systems and Software, said there is a "Warming" of relations between machine vendors and white-hat hackers.

Regardless, it seems election officials would like to see both camps set aside their differences and get to work on rooting out potential security vulnerabilities in election-related systems sooner than later.

News URL

https://go.theregister.com/feed/www.theregister.com/2020/10/08/cisa_bug_bounty_panel/

#bounty #bugbounty

News URL

Related news