Security professionals have doled out millions to fund bug bounty programs that find vulnerabilities in their software. But are these programs worth it? A recent Veracode study finds that bug bounties may help, but are no match for a strong AppSec culture and program.
This report presents the results of a survey of 500 IT decision makers in the cybersecurity industry. It lays out the statistics behind these security choices and the best options for a thorough security program. You will learn:
How to get the best results building a layered application security program
Why respondents think organizations rely too heavily on bug bounty programs to find application security risks
Why many IT professionals are concerned about a false sense of security – especially in applications
How to limit the need for bug bounties with developer training
“93% of cybersecurity ITDMs believe that most flaws uncovered in a bug bounty program could have been prevented by developer training or testing in the development phase.”