Javelin Strategy & Research’s new report reveals interest in, and concerns about, vulnerability disclosure policies, bug bounty programs and crowd-sourced penetration testing

San Francisco, CA, May 3, 2018: Security professionals at financial institutions are receptive to programs that guide independent researchers who find harmful security vulnerabilities in their firm’s online products and services, according to a new report by Javelin Strategy & Research, titled Bug Bounties: Overcoming Fears, Finding Solutions.

These vulnerability disclosure policies (VDPs) are becoming the standard for modern security programs. The report shows that a third of the engineers, IT managers, and other stakeholders surveyed – those whose chief concern is software or hardware vulnerabilities – say their financial institution (FI) maintains such a policy.

“Regulators may be leaning on companies to adopt VDPs while discouraging the implementation of public bug bounties – which incentivize disclosure with monetary rewards,” said Al Pascual, SVP Research and Head of Fraud & Security at Javelin Strategy & Research. “Some security professionals may not want to adopt these programs because data-breach notification laws may apply when independent security researchers are actively probing their systems.”

About Javelin Strategy & Research
Javelin Strategy & Research, a Greenwich Associates LLC company, is a research-based advisory firm that helps its clients to make better-informed business decisions in a digital financial world. Our analysts offer unbiased, actionable insights and unearth opportunities that help financial institutions, government entities, payment companies, merchants, and other technology providers. (Twitter: @JavelinStrategy)

Media Contact
Joan Weber

Tejas Puranik