
What is Bug Bounty?

Bug Bounty is a way for hackers to report vulnerabilities and exploits in exchange for money.


The purpose of the Bug Bounty program is to incentivize security research in order to improve the security of our product. We welcome all legitimate reports from security researchers, especially those who identify bugs that are outside of our team's expertise, so we can fix them more quickly.



If you know of one or more public-facing, mission-critical web applications that are not covered by bug bounties and would like them to become part of the X years old Design Process’s Bug Bounty Program, please contact us at info@xyearsolddesignprocess dot com.


Detailed feedback is provided to the author in both the Security flaws and the "X years old Design Process" Vulnerability reports.



Articles and discussions can be found on Hacker News, Reddit, Slack and Twitter.


Title: Bug Bounty Program with its Bugs

We've created a bug bounty program for our mobile app that fits our design process perfectly. This includes having all bugs reported to us via Hacker News or via our own internal report host. As part of this program we keep track of all bugs reported to us in any category (involving code or non-code). We then have a few engineers and designers who are responsible for triaging bugs with a severity rating from "easy fix" to "critical". Most of our bug bounty reports are within the "easy fix" category. The ones that aren't are added to a list for the designers and developers who work on our app to investigate in an upcoming sprint. This is part of our "Design Process" or "Front End Development Process", where we take 3 weeks to develop all new features and changes before deploying them to production. The design process gives us time to react and iterate based on user feedback before going live with a release.

How did we start?

We started about 3 months ago after getting a few bug reports from users who were confused about why some features didn't work properly. They had a few suggestions but nothing major (you can see them here). We messaged them back asking them to report the issue so we could improve and iterate before going live.

As time went by, we started getting more reports from people who didn't quite follow our process. They would suggest features without following our process, or they would give suggestions on how we could make it work "more like a Facebook product". They were right: our process isn't perfect, but it works for us and makes sure the changes we make are easy to maintain.

A lot of these users told us they didn't use our app either, which is why they were confused about how ours worked.


