The European Union kicked-off over a dozen new bug bounty programs targeting open-source programs in January. Security experts argued the EU’s $1 million program focused too much on bug bounty payouts. Instead, they argued the money should be used to better secure the products before they go to market. A recent study from vpnMentor shows that there are more than 700 programs just this year. The EU push back from the security community reflects a subtle change in attitude toward bug bounties.
Source: https://threatpost.com/amid-bug-bounty-hype-sometimes-security-is-left-in-the-dust/144360/