Saturday, November 14, 2015

The Depressing Effect of Bug Bounties

Jacob Torrey (via Gwynne Raskind):

By artificially deflating the cost of finding and fixing bugs in operation/shipped product through monopolistic means, bug bounties remove the economic incentive to develop better software by integrating security-aware architects into the SDLC. Bug bounties use their monopoly on setting prices (and preach the evils of selling exploits to other buyers on the market), usually after the vulnerability has been disclosed.

Comments RSS · Twitter

Leave a Comment