Organizations are naturally wary of exposing their product’s flaws to the public. Yet, in a variation on crowdsourcing, websites and developers are funding bug bounty programs, which recognize and compensate people for reporting exploitable bugs in their software. In 2014 alone, Facebook paid $1.3 million to 321 security researchers from 65 different countries. Each award was based on the bug’s severity and creativity, with a minimum reward of $500 and a maximum of $30,000. Facebook Security Engineer Collin Green notes:
“Report volume is at its highest levels, and researchers are finding better bugs than ever before. We've already received more than 100 valid reports since the start of the new year.”
Takeaway: Exposing your product’s vulnerabilities can give you valuable insight into what works and what doesn't. Consider exchanging secrecy and perfection for feedback from real users.