bug-bounty
Safeguard articles tagged "bug-bounty" — guides, analysis, and best practices for software supply chain and application security.
16 articles
LockBit 3.0: The Evolution of the World's Most Prolific Ransomware Operation
LockBit 3.0 introduced bug bounties, new extortion tactics, and industrial-scale operations that made it the dominant ransomware group through 2022 and 2023.
Open Source Security Bounty Programs: Do They Actually Work?
Bug bounty programs for open source projects promise market-driven vulnerability discovery. The reality is more complicated, with perverse incentives, quality problems, and funding gaps.
Bug Bounty Programs with a Supply Chain Focus
Traditional bug bounty programs miss supply chain vulnerabilities. Here's how to design a bounty program that incentivizes researchers to hunt in your dependency chain.
Vulnerability Disclosure Programs: Building Trust with Security Researchers
A well-designed vulnerability disclosure program turns external researchers into force multipliers for your security team. A poorly-designed one guarantees your vulnerabilities end up on Twitter instead of your inbox.