Want to set up a successful bug bounty? Make sure you write it for the flaw finders and not the lawyers

Read the original article: Want to set up a successful bug bounty? Make sure you write it for the flaw finders and not the lawyers


Plus: Experts talk voting machine security, ‘warming’ of relations with infosec community

If you’re designing a security bug bounty for your organization’s products, by all means get the lawyers to take a look, but keep their hands off the keyboard. If there’s one thing flaw-finders find too tedious to deal with, and which will put them off finding holes in your defenses, it’s legalese – and these are people who otherwise spend all day combing reverse-engineered code for typos.…

