In an effort to strengthen the cyber defense and cyber resilience measures within information technology systems, government and industry partners are increasingly turning to ethical hackers and incorporating bug bounty programs, which offer rewards for uncovered vulnerabilities. Bug bounty programs are “incentivized, results-focused programs that encourage security researchers to report security issues to the sponsoring organization”. These programs create a cooperative relationship between security researchers and organizations that allows the researchers to receive rewards for identifying application vulnerabilities. By paying for the reporting of security flaws, organizations give security researchers an incentive to spend time discovering application vulnerabilities. In just a few years, bug bounty programs have evolved from obscurity to being embraced as a best practice.
CAC/PIV holders can watch or download the podcast here: https://www.dodtechipedia.mil/dodwiki/download/attachments/600342610/2019-12-20-csiac-podcast-bug-bounty.mp4