IMMUNIO Blog Using RASP to Make Bug Bounty Programs More Efficient

Bug bounty programs have gained popularity throughout the tech industry, cropping up at tech giants such as Facebook, Google, and more recently Apple. The programs effectively crowdsource manual penetration testing (pen testing), allowing users to try to break into an application to expose its vulnerabilities (bugs), in exchange for a monetary reward (bounty). This assists in making organizations aware of vulnerabilities to patch before they can be exploited to their own and their users' detriment. It is understandable why such programs have gained popularity. Companies that produce software need to be made aware of vulnerabilities, and rather than divert their own resources from projects, they can offer the opportunity to the whitehat community at large. It might even, depending on the scale of the operation, be cost effective, as they only have to pay if a vulnerability is successfully located and exploited.