Bug bounty programs are surging in popularity, as more companies use freelance security researchers to spot vulnerabilities in their systems and help protect valuable customer data. Despite the growth of these programs, disclosure standards and practices vary widely from company to company. 93% of Forbes’ list of Global 2000 companies don’t have any way for researchers to report security issues, according to HackerOne. Companies need to offer protection for good-faith hackers by standardizing their reporting and policies, using easy-to-understand language.”]