As more organizations turn to bug bounty programs, versus penetration testing, to weed out vulnerabilities in their products we ask Christie Terrill, partner at Bishop Fox, what she sees as the pros and cons of either approach.
Threatpost’s Lindsey O’Donnell also asks Terrill what kind of companies are best suited for bug bounty programs versus conducting their own penetration testing? Terrill also addresses what these methods mean for vulnerability disclosures and the legal nuances and complexities behind bug bounty programs.