I read about bug bounty in a couple of articles. This is a prize for people who find critical bugs in software, and the focus is about security. Both Google and Mozilla put a lot of focus about security, making the user feel secure. A noble cause indeed.
Do you see something wrong with this picture?
Let’s see where this logic leads us: We want people to feel secure using our products,so we would rather let other people (NOT US) find the most critical bugs. And guess what: It’s very cost effective. If those “elite” bugs cost me just $3K to find, do you know how much I’m saving in testing costs?
I’ve often said that when you test your code that makes you a responsible developer. That goes for organizations as well. Yeah, it might look neat and 1337 (I actually smiled when I saw what Google offers as a prize), but make no mistake: It’s just passing the buck.
So give me a break. You want to convince me your product is good? Test it yourself. Find the bugs before the next user gets her data exposed. Be responsible.
