home_banner `

Content Icon

Create an Efficient, Effective Bug Bounty Program

April 16, 2018 | Ask-An-Expert | Vulnerability Assessment and Management | By Marcus Ranum, IANS Faculty

Organizations with significant software exposure often consider deploying bug bounty programs to improve quality and better manage vulnerability disclosures, but what's the best way to go about it? In this Ask-an-Expert written response, IANS Faculty Marcus Ranum recommends using an internal (vs. outsourced) process and details the critical components for success.


Already a client?

Log In to Continue

Not a client?

Request More Information

Related Research

IANS Vulnerability and Breach Update: Q1 2019

Vulnerabilities and breaches are mainstream news regularly. With a new vulnerability seemingly discovered daily, which should be taken more seriously (i.e., patch now!) and which are overhyped? In this quarterly research report, IANS Faculty Mike Saurbaugh updates clients on the top vulnerabilities and breaches from the past quarter and provides some real-world context and perspective.

Integrate a Vulnerability Scanner with a CMDB

Integrating a vulnerability scanner with a configuration management database (CMDB) can help streamline operations, but what does and doesn't work for such integrations? In this Ask-an-Expert written response, IANS Faculty Marcus Ranum explains the process and offers tips for success.