Linked by Anthony Haywood on Wed 5th Jan 2011 15:44 UTC
In the last year there have been a number of organisations offering rewards, or 'bounty' programs, for discovering and reporting bugs in applications. Mozilla currently offers up to $3,000 for crucial or high bug identification, Google pays out $1,337 for flaws in its software and Deutsche Post is currently sifting through applications from 'ethical' hackers to approve teams who will go head to head and compete for its Security Cup in October. The winning team can hold aloft the trophy if they find vulnerabilities in its new online secure messaging service â€" that's comforting to current users. So, are these incentives the best way to make sure your applications are secure?