    #13907
    @ronan

    I found these interesting results from a survey conducted recently by Wakefield Research, commissioned by code evaluation firm Veracode.

    One of the big takeaways from the survey was the fact that 59% of IT decision makers (ITDMs) think it’s more expensive to fix code flaws found in bug bounty programmes than to secure code during development.

    I thought this was very interesting, and surely it suggests that these companies should spend more money investing in testing rather than offering bigger rewards for bug bounties?

    What do you think?

    #13916
    @aleksandra-kornecka

    There is some commercial evidence and information in the methodology of testing that early bug-finding is lower cost than any bug found later 🙂

    #13947
    @jesper-lindholt-ottosen

    There is some commercial evidence and information in the methodology of testing that early bug-finding is lower cost than any bug found later

    commercial = myth, see http://thklein.com/en_US/cost-of-defect/

    Regarding bug bounty programs (not Bug Hunts): my opinion on them as risk mitigation activities is that they can “crowd source” a lot of edge cases that the producing company can find costly to do itself, both with respect to skills and time.

    #14002
    @augusto-evangelisti

    Why not both?

    #14222
    @archana

    I believe it is best to invest more on software testing. Imagine having a vulnerability in the software. By the time someone reports it through a bug bounty program, it could easily prove very costly.

    It is also good to have bug bounties. But the chances of finding defects after thorough testing will be considerably less, and hence they will prove to be less costly.
