Example Of Pros & Cons Of A Bug-Bounty Program Essay

The bug-bounty program is a current technological advancement in the computer networking and online internet world aimed at improving the online security and reducing or minimizing the vulnerabilities of the companies that run the program or intend to run the bug bounty program. The program is to have its various pros and cons since use by the various online tech companies, for instance, Mozilla and Google.
The advantages for the firms that use or run this program are clear since the security professionals and specialists use it to resolve most current security issues. Another advantage of using this program is that it also can act as a powerful tool for marketing in the InfoSec industry. Looking at the famous tech firms, Google, Mozilla, Facebook, etc. the program has proven that it aids in managing their security budget by only allowing them to pay for valid vulnerabilities instead of paying per hour. The program also represents a good marketing tool for companies and it provides security professionals with good training and experience earning which strengthen their personal brands within the information security industry (InfoSec).
The program has aided the firms using it to troubleshoot and patch vulnerabilities quite fast, hence, helping them secure their web applications and servers. Another pro for companies is that this is best place where they are able to find a crowd of security professionals and use their knowledge to improve their online systems and web application servers.
The cons of running this program is that the attacking of a similar target by numerous InfoSec professionals at the same time may lead to a broken framework (server), except if there is a copy/mirror of the server for each specialist. Running of the BBPs for short time frames also does not leave too much room for assessing good security to aid in identifying flaws or vulnerabilities. The risk is also that in about all the thousands of recognized specialists that work on it, the companies that might reveal their identity or configuration are prone to bad to a few bad intentioned people with good InfoSec knowledge.