HackerOne CEO Talks Bug Bounty Programs at RSA Conference

Can bug bounty programs be designed to protect consumer privacy and how do programs balance white hat disclosure versus companies sitting on vulnerabilities until they are fixed?