David Baker, chief security officer at Bugcrowd, talks about the right and wrong approaches for implementing bug-bounty programs. He describes how companies are moving towards more of an API-based platform, where a web application sits on your cell phone and an API layer feeds back into a back-end service. Baker: “You have to realize that the crowd is going to find a lot more vulnerabilities than your typical in-house pen-test team.”
Source: https://threatpost.com/implementing-bug-bounty-programs/146385/

