The Best Reason for Having Software Testing and Not Bug Bounties


This topic contains 4 replies, has 5 voices, and was last updated by  Archana 2 years, 10 months ago.

    #13907

    Ronan
    Moderator
    @ronan

    I found these interesting results from a survey conducted recently by Wakefield Research, commissioned by code evaluation firm Veracode.

    One of the big takeaways from the survey was the fact that 59% of IT decision makers (ITDMs) think it’s more expensive to fix code flaws found in bug bounty programmes than to secure code during development.

    I thought this was very interesting and surely suggests that these companies should spend more money investing in testing rather than offering bigger rewards for bug bounties?

    What do you think?

    #13916

    Aleksandra Kornecka
    Moderator
    @aleksandra-kornecka

    There is some commercial evidence and information in methodology of testing that early bug-finding is lower cost than any bug found later 🙂

    #13947

    Jesper
    Moderator
    @jesper-lindholt-ottosen

    There is some commercial evidence and information in methodology of testing that early bug-finding is lower cost than any bug found later

    commercial = myth, see http://thklein.com/en_US/cost-of-defect/

    Regarding bug bounty programs (not Bug Hunts). My opinion on them as risk mitigation activities is that they can “crowd source” a lot of edge cases that the producing company can find costly to do, both wrt. skills and time.

    #14002

    Augusto
    Participant
    @augusto-evangelisti

    Why not both?

    #14222

    Archana
    Participant
    @archana

    I believe it is best to invest more in software testing. Imagine having a vulnerability in the software. By the time someone reports it through a bug bounty program, it could easily prove very costly.

    It is also good to have bug bounties. But the chances of finding defects after thorough testing will be considerably less. And hence prove to be less costly.
