https://www.synopsys.com/blogs/software-security/bug-bounty-programs/
blog article
BUG BOUNTIES: A GOOD TOOL, BUT DON’T MAKE THEM THE ONLY TOOL IN SECURITY
Bug bounties are hot. They are everywhere. Of course, popularity doesn’t guarantee quality. Just because everybody is doing it doesn’t necessarily mean it’s the best way to maintain the security of your organization. But the word from most experts is that bug bounties are a good thing, as long as they’re not the only thing—they’re not a cheap substitute for rigorous testing throughout the entire software development life cycle (SDLC).

Do bug bounty programs work?

Whether that’s happening or not is, at least at the moment, essentially drowned out by the sheer number of bug bounty programs in existence and the number of hackers hoping to cash in from them. According to one list from vpnMentor, there are 734 programs in operation this year, not just from the predictable giants like Google, Apple, Facebook, Microsoft, Alibaba and Amazon Web Services, but seemingly everybody else too, from Craigslist to Dropbox, GitHub to GoDaddy, Netflix to PayPal, the United Nations to United Airlines, WordPress to Walmart and Yahoo to Yelp.