Public Bounty Launch Newsletter
From the webpage:
Sign-up to receive an email when a new public bounty launches or when a bounty increases their high-end reward amount.
Bounty announcement for web, mobile, IoT, automotive, and network/host.
Looking a bit further, this is from bugcrowd, whose what-we-do page reports:
IT TAKES A CROWD TO BEAT A CROWD
Companies are in an unfair fight when it comes to cybersecurity. Regardless of how robust security efforts are, companies will always be outnumbered by the thousands of malicious hackers worldwide. We bring thousands of good hackers to the fight, helping companies even the odds and find bugs before the bad guys do.
…
As of today, fifty-four (54) current programs, 28 for rewards, 26 for points and 1 for charity.
It has attracted non-trivial venture capital, Series B, $15M, so take that as a positive sign.
An interesting twist on Schneier’s question: How Many Vulnerabilities Are there in Software?
Bugcrowd proposes that a density of “good hackers” is more useful than current software practices in detecting vulnerabilities.
What density of “good hackers” is required, for what types of software, what rewards are required to attract that density of “good hackers,” etc., remain open questions.
However, given the record of software vulnerabilities to this point, bugcrowd’s density of “good hackers” approach could hardly do worse than current practices.
Personally I think rewards need to increase to the point where “good hackers” can make a reasonable living.
Bettering software for the “common good” doesn’t pay utility bills or mortgage notes.
Liability for selling or using vulnerable software would help drive a rewards based “good hacker” economy.