Bugcrowd put out a new report on the breakdown of what a bug actually costs a company, the priority that should be placed on vulnerabilities (P1 through P5) and how a new approach is changing the security landscape. The market has historically been out of balance in compensation, says Casey Ellis. The risk of not investing in a bug bounty program may very well outweigh the rewards of working with an outside researcher. To be taken seriously, it is most important to be able to clearly articulate the problems, says Ellis.
Source: https://www.csoonline.com/article/3029378/risk-vs-reward-how-to-talk-about-bug-bounty-programs.html

