A company is expanding its threat surface program and allowing individuals to security test the company’s internet-facing application. The company will compensate researchers based on the vulnerabilities discovered. Which of the following best describes the program the company is setting up?
The program being set up by the company, where individuals are allowed to security test the company's internet-facing application and are compensated based on the vulnerabilities discovered, is best described as a 'bug bounty' program. In a bug bounty program, external security researchers are incentivized to identify and report security flaws. This helps enhance the security of the application by leveraging the diverse skills and perspectives of a wide range of researchers.
B bug bounty because they’re paying non employees to find vulnerabilities.
B. Bug bounty A bug bounty program incentivizes external security researchers to find and report vulnerabilities in a company's applications or systems. Researchers are compensated based on the severity and impact of the vulnerabilities they uncover, helping the company to improve its security posture by leveraging a wide range of expertise.
Bug bounty hunters can earn money by discovering zero-day vulnerabilities