Case Study: How Intel is Challenging the Norms of Bug Bounty Retesting
Date: August 16, 2024. Author: Chris Holt, Intel Bug Bounty Program Manager. Background: Bug Bounty programs are structured to take reports from external security researchers, route them to product and development teams for mitigation, and then offer rewards for verified findings. Standard program operations only leverage development team’s time to test the mitigation and confirm
Category Archives: Blog
Announcing the Bug Bounty Framework: Demystifying Bug Bounty Programs
Date: May 4, 2021. Our Bug Bounty Community of Interest (BB COI) has been hard at work this year discussing the challenging problems many Bug Bounty programs (BBP) face, potentially including Vulnerability Disclosure Programs (VDP). Throughout our conversations and research, we noticed that there is little comprehensive guidance covering the Bug Bounty space. In an
Effective Communication Goes a Long Way
In response to: The Hackers’ Viewpoint: Exploring Challenges and Benefits of Bug-Bounty Programs. Bug Bounties have been a mainstay in many security programs, though they do suffer growing pains from time to time. The Hackers’ Viewpoint: Exploring Challenges and Benefits of Bug-Bounty Programs uses a qualitative approach to assess Bug Hunters’ views on Bug Bounty
Call a Duck a Duck, not a Bug Bounty
In response to: https://www.darkreading.com/vulnerabilities---threats/vulnerability-disclosure-programs-see-signups-and-payouts-surge/d/d-id/1338989 While we’re happy that crowdsourced security programs are attracting positive media attention, it’s important to point out that a Vulnerability Disclosure Program (VDP) isn’t a bug bounty, and a bug bounty isn’t a VDP. Both allow for coordinated disclosure between companies and researchers, but there are some stark differences between the
The Imperative of Inclusion
The social tide has been turning to become more inclusive for decades, but still we hold onto remnants of the past. Many of the terms used in the security technology ecosystem are inherently exclusive and support a culture that has historically created hurdles and limits for diverse people. With the unprecedented events of 2020, individuals