Call a Duck a Duck, not a Bug Bounty

In response to:—threats/vulnerability-disclosure-programs-see-signups-and-payouts-surge/d/d-id/1338989  While we’re happy that crowdsourced security programs are attracting positive media attention, it’s important to point out that a Vulnerability Disclosure Program (VDP) isn’t a bug bounty, and a bug bounty isn’t a VDP. Both allow for coordinated disclosure between companies and researchers, but there are some stark differences between theContinue reading “Call a Duck a Duck, not a Bug Bounty”