skip to Main Content
Illustrated Guide to Bug Bounties Step #2: Launching
The bug bounty lifecycle is a very fluid process, from strategic planning to program launch to learning from and iterating your program. Get the illustrated guide below:
Topic: Company Resources
Illustrated Guide to Bug Bounties Step #1: Planning
The bug bounty lifecycle is a very fluid process, from strategic planning to program launch to learning from and iterating your program. Get the illustrated guide below:
How Does a Bug Bounty Fit into my SDLC?
“How does a bug bounty fit into my SDLC?” This is a question we hear all the time. While the obvious answer is that it can augment or replace much of your current manual and automated testing, the actual answer is simpler; “bug bounties fit into and support your SDLC each step of the way.”
Webinar Recap: How Three Security Vendors Approach Security
This week I spoke with three security gurus – Dave Farrow, Senior Director Information Security, Barracuda, Alvaro Hoyos, Chief Information Security Officer at OneLogin, and Gene Meltser, Security Architect, Sophos – about their current application security challenges and how they overcome them.
The Illustrated Guide to Planning, Launching and Iterating Your Bug Bounty Program
To run a successful and mutually beneficial bug bounty program, the work starts long before you launch your program and is a continuous learning experience.
Evaluating the Business Impact of Software Vulnerabilities
Google recently announced that the company has raised its top reward for remote code execution bugs in its Google, Blogger and YouTube domains by 50 percent, saying “Because high-severity vulnerabilities have become harder to identify over the years, researchers have needed more time to find them. We want to demonstrate our appreciation for the significant time researchers dedicate to our program.”
Industry Spotlight: How Security Vendors Use Bug Bounty Programs
Bugcrowd bug bounty programs launched by security vendors have tripled over the past two years and represent the fifth largest industry on the Bugcrowd platform.
Product Security Challenges and Opportunities: Insights from Adobe’s VP and CSO, Brad Arkin
Last week we launched our 2017 CISO Investment Blueprint which analyzes survey responses from 100 security decision makers regarding the current state of application security. In addition to the survey results, we’ve chatted with several innovators in the security industry to get their thoughts on appsec today and the future.
Over the next couple of weeks, we’ll be publishing these interviews, filled with insights around the challenges and opportunities present for security decision-makers in 2017. We welcome your feedback and observations as well! Tweet us or shoot us an email to share your thoughts.
CISO Q&A: Kim Green
This week we launched our 2017 CISO Investment Blueprint which analyzes survey responses from 100 security decision makers regarding the current state of application security. In addition to the survey results, we’ve chatted with several innovators in the security industry to get their thoughts on appsec today and the future.
Over the next couple of months, we’ll be publishing these interviews, filled with insights around the challenges and opportunities present for security decision-makers in 2017. We welcome your feedback and observations as well! Tweet us or shoot us an email to share your thoughts.
New Industry Report: 2017 CISO Investment Blueprint
What are CISOs concerned about in application security for 2017?
What are their spending and resource allocation priorities?
What does the modern-day appsec landscape look like?
At the end of 2016 we surveyed some security industry leaders to get their thoughts on the current state of application security and what is to come for appsec organizations over the next twelve months. We discovered that application security organizations are at a steep disadvantage and their current positions may not be enough to keep up with modern attackers:
