“All software contains security flaws,” touts the homepage of Bugcrowd, a new site that seeks to streamline the way flaws are reported by enforcing crowdsourced “responsible disclosure” policies. The Bugcrowd statement is probably pretty close to correct, too. As we’ve reported, Google, Mozilla and other companies have had success offering cash bounties for people who find security flaws, and those who find them are often security researchers.
“Bugcrowd puts a crowd of 9,900 good guys who think like bad guys in your corner,” we are told.
In the open source community, the concept of throwing many eyeballs at problems is not a new one. Open source projects often draw their power from community-driven collaboration.
Read more at Ostatic
