Bug bounty programs are for refining a mature SDLC; it’s the feedback loop that identifies (hopefully small) gaps.
Running a BB against an immature or non-existent SDLC means whack-a-mole with thousands of submissions; it’s costly and doesn’t solve gaps.
Dec 29, 2018 · 9:13 AM UTC


