Casey Ellis, Founder & CEO, Bugcrowd Jeremiah Grossman, Chief of Security Strategy, SentinelOne HD Moore, Founder of The Meta
Traditional methods for vulnerability discovery are failing us. With rapidly expanding attack surfaces, motivated adversaries, and the growing shortage of full-time infosec professionals, organizations are fighting a losing battle. One thing is clear: We need a new approach.
Enter the Bug Bounty model. Bug bounties have quickly evolved from a “nice to have” to a “must have” for most application security teams.
What’s behind this trend? Why are bug bounties growing, and why now?
Join our expert panel as we discuss the key findings from The 2017 State of Bug Bounty Report.
- Casey Ellis, Founder & CEO of Bugcrowd
- Jeremiah Grossman, Chief of Security Strategy at SentinelOne
- HD Moore, Founder of The Metasploit Project
Jason Haddix, Head of Trust and Security & Wade Billings, VP, Technology Services, Canvas by Instructure
In the past several years, bug bounty programs have disrupted the pen test norm, and provide organizations with a robust and all-encompassing security assessment solution. Instructure, the company behind Canvas Learning Management System (LMS), made the switch three years ago and have never looked back.
In this webinar, we will explore...
• Why Instructure replaced their last three penetration tests and the results they’ve found
• The three fundamental differences between the penetration testing model and the bug bounty model
• How organizations running bug bounty programs have seen improved results in both volume and quality in vulnerability submissions
Alvaro Hoyos, David Baker, David Farrow, Gene Meltser
Security vendor products are held to a higher standard of security—and for good reason as the very existence of their organization could be at risk due to a vulnerability. Many of these vendors are turning to bug bounty programs to not only find any vulnerabilities in their products and services, but also to provide assurance to their clients.
Join our security panel for a live discussion on the following topics:
1. What unique appsec challenges come along with complex & high-risk environments
2. How to design security programs to provide robust coverage of those technologies
3. Why bug bounties were so quickly adopted within the security industry
4. Open Q&A with the panelists
Alvaro Hoyos, Chief Security Officer @ OneLogin
David Farrow, Sr Director, Information Security @ Barracuda Networks
David Baker, VP Operations @ Bugcrowd, formerly CISO @ Okta
Gene Meltser, Enterprise Security Architect @ Sophos
Johnathan Hunt, VP Information Security at Invision; Paul Ross, SVP Marketing at Bugcrowd
Bug Bounty programs are critical to the security programs of thousands of organizations, but many still have not embraced them. Join security leader Johnathan Hunt, VP Information Security at InVision, Paul Ross, SVP of Marketing at Bugcrowd to discuss why that situation must change, through topics including:
- How a security expert changed his mind about bug bounties
- Why no bug bounty means missed vulnerabilities
- How Bugcrowd finds a P1 bug every 27 hours
We will explore InVision’s bug bounty experience from conception to being critical to their customers’ confidence in their security.
*Register for the webinar now*
“Whether or not you’re going to have the good guys working for you or not, doesn’t mean the bad guys are going to stop working”
Jeremiah Grossman, Daniel Miessler, Richard Rushing, Paul Ross
Over the past twelve months we’ve witnessed a shift in how companies are tackling their application security challenges. Join a CISO, an AppSec guru, and IoT security expert to hear industry leading perspectives on the trends that have emerged over the past year, and what to look forward to in the next.
Our all-star panel of industry experts includes Jeremiah Grossman, Founder of WhiteHat Security and Chief of Security Strategy with SentinelOne, Daniel Miessler, Project Leader: OWASP IoT Security Project and Richard Rushing, CISO at Motorola Mobility, for a discussion on what trends every security professional needs to be aware of for 2017.
The critical trends you need to know about will include:
• How crowdsourcing security assessment will improve pen testing in 2017
• Why IOT security is becoming every CISO’s problem
• How will AI and Machine Learning impact protecting your company’s fate?
Despite thousands of large and small organizations running bug bounty programs, there is still a lot of fear and uncertainty about these in the cybersecurity community. In this webinar we will explore 7 myths about Bug Bounty programs, the hackers who are involved, and the impact they are having on the security posture of organizations around the world.
When you attend this webinar you will:
- Learn if a bug bounty program is right for your organization
- Understand if a bug bounty encourages hackers to attack your systems
- Explore the real benefits of bug bounty programs – and find out if they actually work
- Get insight on whether these programs are too hard and costly to manage
David Baker, CSO of Okta, Casey Ellis, CEO of Bugcrowd, John Pescatore, SANS Analyst
Bug bounty programs are moving from the realm of novelty towards becoming best practice. While bug bounty programs have been used for over 20 years, widespread adoption by enterprise organizations has just begun to take off within the last few. Bug bounty programs have increased 210% percent since 2013.
Bug bounties provide an opportunity to level the cybersecurity playing field, strengthen the security of products, and cultivate a mutually rewarding relationship with the security researcher community.
Join Bugcrowd, SANS, and a customer panel as we discuss the momentum behind crowdsourced security.
1. How bug bounties fit with a robust security strategy
2. Why bug bounties are being adopted by all types of organizations
3. How Okta saved the equivalent cost of two full-time employees with Bugcrowd
Jake Kouns of Risk Based Security and Christine Gadsby of Blackberry
This guest webcast features Jake Kouns of Risk Based Security and Christine Gadsby of Blackberry who will be giving their Black Hat 2016 talk, analyzing the real risk of using OSS and the best way to manage its use within your organization.
Through real world examples and personal experience, the speakers will...
- Examine the current hype around OSS, highlighting what organizations should be the most concerned about, and how to evaluate the true cost of using OSS
- Explore how to utilize learnings from your incident response function to create smarter products and avoid maintenance costs of OSS
- Introduce a customized OSS Maturity Model and walk through the stages of organizational maturity with regards to how they prioritize and internalize the risk presented by OSS
Learn more about Jake Kouns:
Learn more about Christine Gadsby:
Keren Elazari, cyber security analyst and senior researcher
In our wired, connected world, software flaws are inevitable – so why not utilize the nature of our connected world to work with a distributed immune system made up of thousands of security researchers? This webcast will provide in-depth analysis based on extensive academic research, conversations with CISOs experienced in running such programs, and the security researcher community.
In this webinar, we will highlight the business, technology, and organizational values companies derive from these bug bounty programs. Finally, the talk will identify the common myths, fears and barriers for participation, and suggest recommendations to counter these barriers.
- Bug Bounty program evolution and myth busting
- Lessons from Barracuda’s Bug Bounty program
- How businesses and technology derive value from bug bounty programs
- The art of running a successful & effective bug bounty program