The wrong bug bounty strategy can flood your team with low-value reports. The right one can surface critical vulnerabilities that would otherwise slip through. A new academic study based on Google’s Vulnerability Rewards Program (VRP) offers rare data on how to tell the difference. The team behind the study included experts from Harvard, Bocconi University, Hebrew University, and Google Research. They analyzed data before and after a major change in July 2024, when Google increased … More →The post How to get better results from bug bounty programs without wasting money appeared first on Help Net Security.