Bugcrowd and HackerOne are reward platforms for people who are willing to spend time looking for software vulnerabilities and for companies that are willing to pay rewards for the findings. This cybersecurity economy has expanded to hundreds of thousands of hackers, including security practitioners and freelancers, and good freelancers can earn large sums of money.
While freelancers can help ease the pressure on internal teams, the vulnerability reward platforms should provide more explicit legal guidance, such as which tools and techniques ethical hackers can safely use. To address the talent challenge, these crowdsourcing platforms are also releasing more content to help hackers improve their skills and to attract more people. For example, Bugcrowd has just launched Bugcrowd University, which provides free webinars and guidance.
HackerOne has also released more training materials. From a legal perspective, such crowdsourcing platforms are pushing more “safe harbour” wording into the contracts that govern how vulnerabilities are managed.