Ask HN: Should I offer a security bug bounty for my SAAS app?
I'm concerned about security.
Would it help to make it more secure if I offered say a $1,000 security bug bounty?
Is there a "wrong way" and a "right way" to offer security bug bounties? Are there pitfalls to be avoided?
4 comments
[ 3.0 ms ] story [ 14.3 ms ] threadhttps://hackerone.com/resources is advertising for their service but a good introduction on how to run a bug bounty program. Maybe using them also solves the marketing issue (how to tell security hackers that you have bug bounty program in the first place?)
If you are a smallish company my advice is to have a security page and a specific security contact with a corresponding gpg key, offer smallish reward, and respond quickly. 100 is plenty, even though a lot of people will disagree with me and it's way way better than most.