HackerOne takes an axe to its bug bounty rewards

Summary

Bug bounty platform HackerOne has significantly reduced its payouts for critical and high-severity vulnerability discoveries. This move comes as part of a broader restructuring aimed at financial sustainability and reflects a shift in how bug bounty programs are incentivized.

IFF Assessment

FOE

The reduction in bug bounty rewards for critical vulnerabilities may disincentivize some researchers, potentially leading to fewer critical flaws being reported and fixed promptly.

Defender Context

Defenders should be aware that changes in bug bounty program incentives might impact the flow of vulnerability information. This could necessitate increased internal scanning and testing efforts to proactively identify critical flaws that might otherwise be reported through external programs.
