
"The greatest fear of the security industry is that the private industry (like us) jumps into the market to show what they missed or completely ignored for years. Sometimes the security industry needs to change the tactics of prevention to secure the most important infrastructures."

Today, there are three big players (Bugcrowd, Vulnerability Labs and HackerOne) that are active in the market with stable bug bounty disclosures and public security acknowledgements. It is very hard for new players to integrate their programs globally because of invisible restrictions, network zones of the scene, required capabilities and, of course, capital investment. Some of the public programs use rented commercial ticket or sales systems for management with integrated plugins, while others employ a uniquely developed environment. From the researcher's perspective, some programs have resources like videos, documents and independent programs, while others don't own the copyright to display more than a researcher ticket. Overall, each community should build a castle that is of worth for others in the community.

The goal of any bug bounty program is to get participants to not focus only on money and influence. At the same time, the goal of each company in that sector is mainly to build a stable environment for the different layers, as well as to ensure they can cover multiple services like monitoring, coordination, customer programs, acknowledgements and the basic office logistics. Success depends on the model and will become visible within the next years. Most people believe that the commercial programs with sales teams and investors may crash at some point because of an incomplete business model. The independent programs have, for example, less money to move their developments forward, but they can rise to the top of a business quickly if organizers build an independent environment. The companies with such models are very unique and not connected to, restricted by, or regulated by any contractor. The movability of each model has its success, but there is a clear difference between the independent and the commercial parties.

In the near future, new development processes and services will become public. These resources will help to decentralize the fully commercialized system back to the roots with new models and design. Therefore, all the major bug bounty platforms are working on developing new functions and programs. Everybody is excited for the near future; I can't wait to see what it has in store.
