In the past month, we’ve been addressing some commonly held misconceptions about the bug bounty model, outlined in our guide, 7 Bug Bounty Myths, Busted. So far we’ve discussed the misconception that bug bounties are all public, examined the types of companies engaging with the bug bounty model, and debunked the perception some have that bug bounties are too risky. This week, we’re talking about the folks who make this economy go ’round: the security researchers.
Myth #4: You Can’t Trust Hackers
False. With the right guidelines and incentives, white hat hackers are the good guys: security researchers who approach breaking into code the way an adversary would, in order to help organizations.