Why aren't there more bug bounty programs?

Malicious Life - A podcast by Malicious Life - Tuesdays

Categories:

On the face of it, there's an obvious economic incentive for both vendors and security researchers to collaborate on disclosing vulnerabilities safely and privately. Yet bug bounty programs have gained prominence only in the past decade or so, and even today only a relatively small portion of vendors have such programs at place. Why is that? Our Sponsors:* Check out 1Password and use my code MALICIOUS for a great deal: 1password.comAdvertising Inquiries: https://redcircle.com/brands