IDC PlanScape: Launching a Bug Bounty Program

This IDC study explains how to create a bug bounty program that enables the program sponsor to gain from the collective experience of a large community of security professionals. The reality is that unsanctioned grey hat and black hat hackers exist and will probe your organization's security whether you like it or not. Their incentives might be financial gain, publicity, or pure curiosity. By creating a bug bounty program, you provide these individuals with the opportunity to channel their exploration into a sanctioned effort that provides you with a structured opportunity to review, remediate, and respond to vulnerability reports.

"Bug bounty programs incentivize security researchers to test your systems for weaknesses and then provide you with an opportunity to fix the problems and strengthen your defenses," says Mike Chapple, adjunct analyst with IDC's IT Executive Programs (IEP). "These programs allow you to benefit from the collective thinking of a large community of security professionals. You'll have more minds focused on your security posture than you could ever hire as employees or consultants."

Please Note: Extended description available upon request.

IDC PlanScape Figure
Executive Summary
Why Are Bug Bounty Programs Important?
Attackers Will Probe Your Systems Anyway
Bug Bounties Supplement Your Formal Penetration Testing Program
What Are Bug Bounty Programs?
Incentivize the Responsible Disclosure of Vulnerabilities
Vendors Specialize in the Creation and Management of Bug Bounty Programs
Programs Are Appearing in New Industries
Who Are the Key Stakeholders?
How Can My Organization Take Advantage of a Bug Bounty Program?
Select a Limited Scope for the Initial Program
Clearly Define the Program's Rules of Engagement
Ensure That Key Stakeholders Understand the Program Prior to Launch
Develop and Test a Remediation Workflow During the Pilot
Evaluate the Pilot Program Results and Determine the Scope of an Expanded Deployment
Operationalize Bug Bounty Practices
Advice for Technology Buyers
Related Research
