A Grindr security flaw was disclosed this week that allowed attackers to launch password resets without accessing a user s email inbox. Many companies are looking to adopt or have already adopted bug-bounty programs or vulnerability-disclosure programs. Katie Moussouris, CEO of Luta Security and a bug bounty program expert, warned at SAS@Home that such programs pose more problems than they solve. She said companies need to do the prerequisite work and manage their vulnerability processes internally.
Source: https://threatpost.com/grindrs-bug-bounty-pledge-security/159893/