Attracting the Hacker — Bug Bounty and Coordinated Vulnerability Disclosure

November 17, 2020 – 10:45AM EST

In the past, IT was driving the tools for the business. Today, “the IT” no longer exists. Tools are selected and implemented by business users. The main driver is digital transformation, supported by widespread, cheap and ubiquitous technology. At the same time, traditional security is also being “digitally transformed” as these new landscapes also expand cyberspace attack surfaces.

Ideally, companies have a well-established cyber defense; in reality, they are often reactive, slow and provide limited visibility of the attack surface, allowing hackers to be that one step ahead. That’s why companies should turn the tables and pay these hackers to challenge the security surrounding products and services. A bug bounty program supports this by opening a path for them to legally monetize their findings.

Learning Objectives

  • Understand the benefits of including bug bounty programs in the vulnerability management process.
  • Explain to senior management why inviting hackers to “challenge” a company’s products and services is not a risk but a chance.
  • Understand the requirements and challenges of setting up a bug bounty program.

Julia Hermann

Information Security Architect, Giesecke+Devrient GmbH
