Hacker Summer Camp 2019 was one for the books for team Bugcrowd. With some of the world’s best hackers, major tech companies, and government agencies converging, Bugcrowd had a bird’s eye view to observe some major happenings in the world of cybersecurity.
Enterprise Adoption of Ethical Hacking
For the first time, Black Hat hosted a Bug Bounty track, with briefings focused on best practices for launching, managing, and running a successful bug bounty program. Our very own Researcher Operations Program Manager Chloe Brown was on stage discussing tips for crafting fruitful connections between the security researcher community and organizations.
This in itself was validation of the growing popularity of crowdsourced security testing, and of our Bugcrowd mission. Thanks to the cumulative knowledge of talented whitehat hackers, vulnerabilities that would otherwise go undetected by traditional testing methods are being surfaced and fixed, faster. And tech leaders, including Google and Microsoft, are buying in.
This was especially underscored at Black Hat by Apple’s announcement to open up its bug bounty program and increase rewards to up to one million dollars — a great move to help bring in some of the upstarts in the security researcher community and strengthen its products with competitive payouts.
Every Security Team is a Software Team
The week also included a must-watch keynote from Dai Zovi, head of security for Cash App at Square. He described a culture shift within cybersecurity that he’s observing — that every security team is, or will become, a software team. Oftentimes, cybersecurity puts two teams in an organization at odds: security and development. The security team is pressured to prevent vulnerabilities, while development is pressured (and evaluated on its ability) to push products to market quickly. Unfortunately, these conflicting goals are prime causes of a communication breakdown.
As software continues to eat the world, cybersecurity must be seen not only as a defensive challenge, but also an organizational opportunity. Solutions that promote communication, cooperation, and mutual education of engineering and security teams will be the future of organizational efficiency.
Attack Surfaces Growing Exponentially
As with each year around Black Hat and DEF CON, hackers demonstrated incredible tricks and hacks, including vulnerabilities and exploits in GPS systems, Microsoft Hyper-V, and even Boeing’s 787 network. Thanks to the proliferation of the Internet of Things and cloud environments, organizations are facing a reality with their growing attack surfaces — everything is hackable.
Taking a walk around the villages at DEF CON, we were exposed to the live hacking of everything from biomedical devices and voting machines to automobiles, all of which are increasingly getting connected. Given the rapid interconnectivity of these endpoints, it’s no surprise that IoT represents the fastest growing attack surface — Bugcrowd’s Priority One Report indicated that submissions on IoT targets increased more than any other category, at 384% this year. The sheer number and variety of devices being networked and connected to cloud interfaces and internet-facing APIs is one of the greatest challenges in security today.
While it can be easy to get overwhelmed by the growing attack surfaces and increasingly porous nature of a company’s cyber defenses, finding vulnerabilities can actually be a key feedback loop that helps security and development teams improve over time. And this was an increasing sentiment we observed all week through BSides, Black Hat, and DEF CON.
Cheers to Vegas, We’ll be Back!
We had a phenomenal week in Vegas hanging with customers, partners, and security researchers! After 10+ events we hosted through the week, we’re all a little exhausted, but feeling excited about the community we’ve built. We’re incredibly thankful to everyone who has made it possible, and we’re already looking forward to next year’s events.
Can’t wait for next year? Well neither can we. Learn how to join the Crowd here, or sign up for a demo of the platform here. And be sure to follow us on Twitter to stay up-to-date on our upcoming events.