Bugcrowd’s Defensive Vulnerability Pricing Model

“How much should my company pay for a bug?”
“What should my organization budget for a successful program?”

We receive these questions time and again from organizations looking at crowdsourced security programs.

Compiled from years of bug bounty data and experience we are happy to introduce our Defensive Vulnerability Pricing Model.

This guide answers:

  • Standard market rate for both critical and non-critical bugs
  • How much to budget for your crowdsourced security program
  • Reward ranges that attract the right talent

For a comprehensive overview of what goes into setting the appropriate budget and reward range for your bounty program, download our comprehensive reward guide.