Bug Bounties Are Not Security
Paying people rewards for finding security flaws is not the same as hiring your own analysts and testers. It's a reasonable addition to a software security program, but no substitute.
I've said this before, but Moshe Yudkowsky said it better:
Here's an outsourcing idea: get rid of your fleet of delivery trucks, toss your packages out into the street, and offer a reward to anyone who successfully delivers a package. Sound like a good idea, or a recipe for disaster?
Schneier on Security: Bug Bounties Are Not Security