Building a Modern Security Program

by Zane Lackey, Rebecca Huehls
August 2018
Content level: Intermediate to advanced
45 pages
1h 2m
English
O'Reilly Media, Inc.
Content preview from Building a Modern Security Program

Chapter 4. Building a New Feedback Loop by Starting a Bug-Bounty Program

Bug-bounty and responsible-disclosure programs are incredibly useful.

Note

Bounties and responsible-disclosure programs can be completely separate activities. I’m using them interchangeably in this chapter simply for brevity, but I highly encourage anyone looking further into launching one to specifically understand the difference and choose whatever is the right starting point for your organization.[1]

If you’re not working toward launching one at some point, I strongly suggest considering it. Often, security or technology leaders are worried either about having the funds to support bug bounties or about inviting attacks on the organization. However, my experience is that these two concerns are much smaller issues in practice than you would expect.

Many organizations have embraced bug-bounty and responsible-disclosure programs in the past few years for two key reasons:

  • Bug bounties give you a real-time and ongoing feedback loop that highlights where your security program is succeeding and where it is failing.

  • Bug bounties provide an avenue and incentive for researchers to report serious vulnerabilities they previously might not have shared (or simply sent directly to the press or security mailing lists).

Because both of these reasons offer major advantages to organizations with a program in place, it’s no wonder bug-bounty programs have seen such a high rate of adoption.

In this chapter, I share experiences ...

ISBN: 9781492044680