Bug bounty programs are crowdsourcing initiatives that reward experienced independent researchers for identifying and reporting on bugs or vulnerabilities in technology and software programs. In 2014, Silent Circle became the first mobile security company to introduce a bug bounty program when it announced that it would pay a reward per bug identified for its Blackphone device.
The first bug bounty program was introduced in 1983 when Hunter & Ready, Inc. offered research experts a Volkswagen Beetle car in exchange for uncovering a bug it its VRTX operating system. This type of program increased in popularity in the mid-1990s, and experienced major growth in the IT industry.
Bug bounty programs span technology industries and range in scope and size based on the potential vulnerabilities, but one truth is paramount: security researchers are in high demand as statistics say some 2 billion lines of code are released each week with over 110 billion lines of software code created in 2017 alone.
With the continued global cybersecurity threats, bug bounty programs can be a highly effective means to identifying vulnerabilities early on. Bugcrowd, a company that specializes in crowdsourced security, reported that bug bounty programs on the Bugcrowd platform paid out in excess of $6 million in 2017 and that 77% of all bug bounty programs had their first vulnerability reported in the first 24 hours of announcing the program.
Despite the widespread use of bug bounties throughout many technology industries, mobile security bug bounty programs are a comparatively new concept. Many mobile security companies are interconnected with different industry partners that develop hardware versus software. In these cases, it can be difficult to offer a bug bounty program if one company doesn’t have control over the entire product. Fortunately, as the mobile security industry continues to evolve, bug bounty programs are becoming a more commonplace and effective method for catching vulnerabilities.
Silent Circle complements an organization’s existing security infrastructure, ensuring secure communications and guarding against malicious device compromise and cyber threats. To learn more about how Silent Circle is securing enterprises across the globe, read about our products and solutions.