Attracting the Hacker — Bug Bounty and Coordinated Vulnerability Disclosure

November 17, 2020 – 10:45AM EST

In the past, IT was driving the tools for the business. Today, “the IT” no longer exists. Tools are selected and implemented by business users. The main driver is digital transformation, supported by widespread, cheap and ubiquitous technology. At the same time, traditional security is also being “digitally transformed,” as these new landscapes expand cyberspace attack surfaces.

Ideally, companies have a well-established cyber defense; in reality, their defenses are often reactive and slow and provide limited visibility of the attack surface, allowing hackers to stay that one step ahead. That’s why companies should turn the tables and pay these hackers to challenge the security surrounding products and services. A bug bounty program supports this by opening a path for them to legally monetize their findings.

Learning Objectives

  • Understand the benefits of including bug bounty programs in the vulnerability management process.
  • Explain to senior management why inviting hackers to “challenge” a company’s products and services is not a risk but a chance.
  • Understand the requirements and challenges of setting up a bug bounty program.

Julia Hermann

Information Security Architect, Giesecke+Devrient GmbH
