Bug Bounties - Working Towards a Fairer and Safer Marketplace

With rapid growth in the bug bounty marketplace, the CREST Bug Bounties Report explores good and bad practice to establish how to better understand bug bounty programmes and how they fit into the wider technical assurance framework. It also highlights the need to provide advice to buyers of bug bounty services and protect the interests of ‘hunters’ participating in programmes.

The report is based on collaborative research including interviews and workshops with bug bounty stakeholders and participants. CREST is committed to building on the findings of this initial study to work towards an improved future for bug bounty hunters and programmes.

CREST Bug Bounties Report [PDF]