Name: The Critical Need for Vulnerability Disclosure in the IoT Security Landscape
Start: 2023-05-17T17:30:00Z
End: 2023-05-17T17:30:49.000Z
Location: BrightTALK

HackerOne pinpoints the most critical security flaws across an organization’s attack surface with continual adversarial testing to outmatch cybercriminals. HackerOne’s Attack Resistance Platform blends the security expertise of ethical hackers with asset discovery, continuous assessment, and process enhancement to reduce threat exposure and empower organizations to transform their businesses with confidence. Customers include Citrix, Coinbase, Costa Coffee, General Motors, GitHub, Goldman Sachs, Hyatt, Microsoft, PayPal, Singapore’s Ministry of Defense, Slack, the U.S. Department of Defense, and Yahoo. In 2023, HackerOne was named a Best Workplace for Innovators by Fast Company.

The 8th Annual Hacker-Powered Security Report just launched. How can you interpret it to make the case for your own human-powered security program, attract more security researchers to your programs, or incentivize more impactful vulnerability reports? 

This webinar, featuring HackerOne customers and a leading member of our security researcher community, will answer that question.

From Data to Results: Building Resilience with Insights from the Hacker-Powered Security Report

In an era of increasing regulatory scrutiny, financial services organizations face mounting pressure to meet stringent cybersecurity compliance mandates. This session explores how HackerOne’s Vulnerability Disclosure Program (VDP) empowers financial institutions to meet these mandates while strengthening their security posture. We will discuss the essential role of VDPs in uncovering hidden vulnerabilities, fostering trust with regulators, and demonstrating proactive risk management. Attendees will gain insights into leveraging the HackerOne platform to streamline compliance processes, enhance transparency, and safeguard sensitive data, all while navigating the unique challenges of the finance sector.

The Compliance Advantage: Strengthening Financial Cybersecurity with HackerOne's VDP

As the cybersecurity landscape continues to change, understanding the perspectives of security researchers is essential for effective risk management.

In this 30-minute webinar session, we’ll dive into the top five takeaways from the 8th Annual Hacker-Powered Security Report. With practical examples and actionable recommendations, you’ll learn how to:

Ensure that AI deployments are secure and trustworthy 
Enhance your approach to vulnerability management 
Implement demonstrably valuable security measures
Watch this fast-paced exploration of the vital role of human expertise in the AI era.

5 Things to Learn from the 8th Annual Hacker-Powered Security Report

New threats emerge faster than any security team can fight them, which is why implementing an always-on vulnerability disclosure program (VDP) is not just a wise decision—it's becoming a standard practice mandated by government regulations and global compliance frameworks. Having a VDP openly demonstrates your organization's commitment to security, showcasing transparency, accountability, and a proactive approach to safeguarding your systems.

Why Implement a Vulnerability Disclosure Program (And How to Do It)

For retail, a security breach costs $2.96M on average—and traditional security measures can’t keep up with evolving threats. To protect your customer data and your reputation, proactive, always-on testing powered by ethical hackers is the way forward. watch this Q&A with Swiss sportswear brand On and HackerOne to learn the real-world benefits and practicalities of a human-powered security testing program for retail and e-commerce.

Retail Under Attack: HackerOne Customer Insights on Outsmarting Cybercriminals

Relying solely on internal teams and automated tools can leave crucial vulnerabilities overlooked. Traditional methods struggle to keep up with limited resources, evolving threats, and complex systems.

Enter HackerOne Bounty: Leveraging the expertise of the world's largest ethical hacker community, we offer proactive, continuous testing of your digital assets. Our custom-tailored bug bounty programs connect you with top-tier security researchers—and offer financial rewards to incentivize these creative minds to uncover novel and elusive vulnerabilities in your systems.

Everyone from seasoned security professionals to curious enthusiasts will find value in this session.

Continuous Security with HackerOne Bug Bounty: Cyber Defense Done Right

In this panel session from the 2024 Cybersecurity Summit, you'll hear from experts from HackerOne, Google Cloud, Ping Identity, Automox, and HID about how to manage your attack surface, plan for the continuing influx of AI tools and technology, and protect your organization against ransomware, DDoS attacks, and more.

2024 and the Biggest Threats to your Business

Talent shortages, launch delays due to skillset and staffing gaps, and challenges in retaining seasoned pentesters. These all create serious barriers to running successful and consistently effective pentest programs. 

Inefficiencies in everything from coordinating schedules to monitoring coverage, tracking remediation, and maintaining a cadence of communications for high-risk issues can undermine productivity and reduce security effectiveness. 

Watch this on-demand demo (the first 10 mins) followed by a Q&A to see how the security industry’s leading Pentest as a Service (PTaaS) platform, combined with talented and thoroughly vetted pentesters, can create a responsive program filled with meaningful findings that deliver on its ROI promise.

Beyond Traditional Testing: Elevating Cybersecurity with HackerOne Pentests

Exploited vulnerabilities are the most common root cause of the most significant ransomware attacks in the financial services sector. At the same time, nearly half of security professionals say that testing too late in the development cycle remains a major source of frustration. So why are we still failing to catch vulnerabilities earlier? The structure and priorities of development and security teams remain at odds for most organizations. In fact, few “shift left” initiatives have successfully gone to plan. 

Developer productivity is still often measured on speed of deployment, at the expense of security. Failing to catch vulnerabilities before code is released overburdens small security teams, stalls code production, and increases the risk of costly data breaches that erode brand trust.

In this on-demand recording from the December 2023 Finance & Risk Cyber Security Summit, HackerOne's CTO, Alex Rice, will demonstrate how we can reframe our thinking, team structures, and culture to recognize that security is a process, not a destination. Security teams must adopt an advisory role for development that embraces how developers work and supports developer-first initiatives to drive secure outcomes.

Shift Left Is Dead: A Post-Mortem.

Gain invaluable insights on quality-driven pentesting from our virtual "Ask Me Anything" (AMA) session, tailored for security leaders skeptical about the impact and results of community-driven pentesting. You'll have direct access to the representatives from the elite top 10% of pentesters from HackerOne's 2 million-strong ethical hacking community, selected for their proven skills in rigorous testing environments. Address your doubts in this hour-long interactive panel, dissecting everything from web app vulnerabilities to compliance intricacies, all through the lens of methodical, results-oriented pentesting.

Who Should Join

This session is essential for security decision-makers who are weighing the benefits of community-driven pentesting against traditional models. If you're seeking to understand how collaborative security efforts can align with and enhance your business's security posture, this AMA will provide the clarity and reassurance needed to make informed decisions about your security strategy.

Check out this on demand webinar to see how structured, community-driven pentesting can yield quality outcomes and provide ongoing security assurance!

Truth Behind the Hack: Elite Pentesters Tell All in a Live Q&A

With the 2024 election right around the corner, security and integrity are on the minds of U.S. constituents. 

In this on-demand webinar, cybersecurity and election integrity subject-matter experts from The Elections Group and HackerOne discuss the success of a 2023 hacker challenge conducted by the Election Security Research Forum and leading voting technology providers—and give some tips on how state and local government leaders can leverage the findings to improve their security stance. The webinar also discusses the intersection of IT infrastructure and cybersecurity and how CVD can help election officials improve internal processes while building trust with constituents.

Ready for 2024: How CVD/VDP Can Boost Election Integrity and Public Perception

Hackers gather in London, U.K. to partner with the Salesforce security team as they work to keep their digital landscape and users safe. Hosted by HackerOne in June, 2023.

H1-4420: Salesforce's Live Hacking Event in London

Learn how the global talent of the ethical hacker community can help you with your preemptive security, delivered via Pentest as a Service (PTaaS), to streamline validation and fix vulnerabilities fast. See how PTaaS can help you:
- Reduce risk in real-time.
- Find more critical and high vulnerabilities.
- Accelerate pentest results to find and fix security issues faster. 
- Go above and beyond compliance. Satisfy requirements for SOC 2 Type II, PCI DSS, ISO 27001, HITRUST, FISMA, SOX, and GDPR.

The Power of Pentesting as a Service (PTaaS)

Recent Enterprise Strategy Group (ESG) survey data from Jon Oltsik, Distinguished Analyst and Fellow, indicates that for 87% of respondents, ensuring secure and available applications is a top priority. 

Though the importance of app security is paramount, ESG also noted the following persistent roadblocks:
• Maintaining security consistency across data center and public clouds where cloud-native apps are deployed
• Use of multiple cybersecurity controls that increase costs
• And lack of visibility into public cloud infrastructure where apps are hosted.

Jon Oltsik showcases 9 advantages of continuous penetration testing to enhance your company’s app security, as well as 5 ways to improve pentesting itself, in this custom ESG webinar. 

Join the discussion to view Oltsik’s vendor-neutral analysis of the state of app security, glean ESG’s latest survey data, and overcome your own app security challenges.

ESG Analysts on the Value of Continuous Penetration Testing

A well-designed and purposefully run bug bounty program can have a tremendous impact on your organization's attack resistance. A few fundamental steps will help you hit the ground running, so you can successfully launch and maintain a high-performing bounty program.

In this webinar, HackerOne’s field experts will walk you through what you need to know, drawing on their firsthand experience planning bug bounty programs for organizations ranging from federal governments to SMBs and global enterprises. You’ll learn how they set up customers for success and how mature programs operate to derive maximum value.

Key takeaways:
- Pre-launch steps for an effective public or private bug bounty program
- Day-to-day operational practices to ensure consistent results and maximum ROI
- Real-world examples of how bug bounty programs drive hacker engagement and track results 
- How HackerOne Bounty can help reduce recurring vulnerabilities by up to 98% and enable organizations to release secure products faster

Frontline Tips for Managing a High-Performing Bug Bounty Program

2023 is panning out to be another challenging year for security leaders. Between the looming recession, ongoing tech layoffs, and climbing security incidents, uncertainty looms large.

Get tips for recession-proofing your security strategy from seasoned CISOs who’ve been through this before. HackerOne’s CEO will lead this roundtable discussion with CISOs from Cisco Security Business Group, Xerox, and Sumo Logic to learn about:
—Lessons learned from past recessions and what security leaders can do to prepare
—Tips for consolidating and investing strategically for the best security outcomes
—How to adjust your security strategy if you face resource constraints

Recession-Proof Your Security Program

Grammarly Shares How It Pinpoints the Most Critical Flaws in Its Attack Surface with Help from Ethical Hackers.
As a company selling writing assistant software to enterprises, Grammarly understands that product security is not a one-and-done initiative. Join this executive fireside chat to hear directly from Grammarly’s CISO about the value they get from adversarial testing via the HackerOne platform and its legion of ethical hackers.

Alex Rice, CTO and Co-founder at HackerOne and Suha Can, CISO at Grammarly will discuss how bug bounty and penetration tests fit into Grammarly’s preemptive security programs and how Suha measures the value of these solutions.

Register for the webinar to discover:

-How to effectively leverage bug bounty and pentesting in your application security strategy.
-The value of working with a crowdsourced security platform.
-How to prove the value of preemptive security initiatives to your non-security stakeholders.

The Impact of Preemptive Security

Only 10% of IoT vendors disclose timelines for acknowledging and resolving reported threats—and a staggering 73% of consumer IoT companies are in breach of the Product Security and Telecommunications Infrastructure (PSTI) Act, with no vulnerability disclosure policy (VDP) at all.

David Rogers, MBE, chair of the Fraud and Security Group at the GSMA, and Laurie Mercer, Director of Solutions Engineering at HackerOne, discuss the state of vulnerability disclosure in global consumer IoT, and strategies you can adopt to implement a transparent, productive, and compliant VDP at your organization.

Key Takeaways:
-Understanding VDP policy trends and projections and how they affect you
-Learn which companies pass the disclosure threshold test (and which ones fail)
-Get policy recommendations for incentivizing security researchers
-Discover how IoT leaders like Samsung, Apple, and Panasonic structure their VDPs

The Critical Need for Vulnerability Disclosure in the IoT Security Landscape

IoT Security

Vulnerability Management

Cyber Attacks

vulnerability disclosure

Hackers

Cyber Security

IT Security

Cloud Security

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

The Critical Need for Vulnerability Disclosure in the IoT Security Landscape

Presented by

About this talk

HackerOne