How to Design Successful Internal Bug Hunts: Squashing Security Bugs on a Budget

Logo
Presented by

Pieter Ockers of Adobe

About this talk

Far too often, testing software for security flaws falls into the “nice-to-have” category, taking a backseat to the demands of the marketplace and inflexible feature release schedules. In addition to the expense of hiring an outside security testing team, testing for and fixing obscure security bugs is a brake on an engineer’s ability to put new code in the hands of their customers. Fortunately, there is a workaround to this dilemma that will allow you to promote application security awareness while helping to reduce security bugs in your applications. An internal bug hunt contest - in which your employees compete for prizes by finding and reporting security bugs - enables you to harness the creativity and problem-solving skills of your workforce while reducing security bugs in your applications. It can also help promote a culture of security awareness - without a large security testing budget. An internal bug hunt contest can you help you: • Find and remediate vulnerabilities before external entities can exploit them • Provide a safe platform for your application owners to test for security bugs • Promote application security awareness • Engage employees outside of the central security team who want to explore the security domain In this webcast, you will learn how an internal bug bounty program can help you find security flaws in your applications before criminals or spies, while improving the security culture at your company.
Related topics:

More from this channel

Upcoming talks (9)
On-demand talks (929)
Subscribers (70993)
CSA CloudBytes was launched as a webinar series to help us educate the industry on all matters related to the cloud. Our channel is designed to inform our audience about trending topics, new technologies, and latest research. Learn more at cloudsecurityalliance.org. Join the Cloud Security Alliance on LinkedIn and follow us on twitter: @cloudsa