|
A bug bounty program is a deal offered by many websites and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to exploits and vulnerabilities. These programs allow the developers to discover and resolve bugs before the general public is aware of them, preventing incidents of widespread abuse. Bug bounty programs have been implemented by Facebook, Yahoo!,〔(【引用サイトリンク】title=Yahoo! Bug Bounty Program )〕 Google,〔(【引用サイトリンク】title=Vulnerability Assessment Reward Program )〕 Reddit,〔(【引用サイトリンク】title=Reddit - whitehat )〕 and Square.〔(【引用サイトリンク】title=Square bug bounty program )〕 == History == The original "Bugs Bounty" program was the creation of Jarrett Ridlinghafer while working at Netscape Communications Corporation as a technical support Engineer. Netscape encouraged its employees to push themselves and do whatever it takes to get the job done and, in early 1996, Ridlinghafer was inspired with the idea for, and coined the phrase, 'Bugs Bounty'. He recognized that Netscape had many enthusiasts and evangelists for their products, some of whom to him seemed even fanatical, particularly for the Mosaic/Netscape/Mozilla browser. He started to investigate the phenomenon in more detail and discovered that many of Netscape's enthusiasts were actually software engineers who were fixing the product's bugs on their own and publishing the fixes or workarounds: * in the news forums that had been set up by Netscape's technical support department to enable "self-help through collaboration" (another one of Ridlinghafer's ideas during his four-year stint at Netscape); or * on the unofficial "Netscape U-FAQ" website, where every known bug and feature of the browser was listed, as well as instructions regarding workarounds and fixes. Ridlinghafer thought the company should leverage these resources and sat down and wrote out a proposal for the 'Netscape Bugs Bounty Program', which he presented to his manager who in turn suggested that Ridlinghafer present it at the next company executive team meeting. At the next executive team meeting, which was attended by James Barksdale, Marc Andreessen and the VPs of every department including product engineering, each member was given a copy of the 'Netscape Bugs Bounty Program' proposal and Ridlinghafer was invited to present his idea to the Netscape Executive Team. Everyone at the meeting embraced the idea except the VP of Engineering, who did not want it to go forward believing it to be a waste of time and resources. However, the VP of Engineering was overruled and Ridlinghafer was given an initial $50k budget to run with the proposal and the first official 'Bugs Bounty' program was launched in 1995. The program was such a huge success that it is mentioned in many of books about Netscape's successes, and many organizations (including Google) have statements on their 'Bugs Bounty' pages giving credit to mozilla.org for the Bugs Bounty program. 抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』 ■ウィキペディアで「Bug bounty program」の詳細全文を読む スポンサード リンク
|