Vulnerability Bounty Insurance

January 4, 2023

Insurance that pays ethical hackers for finding vulnerabilities in your site.

The Background

Did you know that there is a whole world of ethical hacking out there?

People will search for vulnerabilities in large sites, just to turn around and tell the site about them.

Now, most of them don't do this out of the kindness of their hearts. They do it to earn bounties.

The idea is that, depending on the severity of the bug, the company will pay you money for bringing it to their attention.

The problem is that small and medium-sized businesses don't have the money to offer these bounties. If someone finds a major vulnerability, they're not going to be able to afford a $10k bounty.

So, either no one finds the vulnerability and it remains unfixed, or someone finds it and either exploits it or blackmails them.

The Idea

This doesn't need to be the case. These vulnerabilities are rare.

Even huge software companies with massive bounties only see a few serious vulnerabilities found each year.

So, the idea is to provide small and medium-sized internet companies with bounty insurance.

This will allow them to have their own bounty program and offer competitive prizes compared to the larger companies.

They pay some modest premium to the insurance company each month.

Then, if an ethical hacker finds a vulnerability, they can claim the bounty and the insurance company will pay it.

Obviously there are some issues to work around. If someone finds a vulnerability in WordPress, they shouldn't be able to claim bounties from every site that uses it.

And there would need to be fraud safeguards to make sure the insured company isn't intentionally building vulnerabilities into its own site in order to claim bounties.

But these are surface-level problems that can be easily avoided.

As part of this, the insurer could also provide coverage for user data breaches and other similar cyber-security incidents.