20 Ryan Dewhurst
“Take a look at the biggest companies around today—Apple, Facebook, and Google. They all use bug bounty programs with security in mind and dedicate a lot of resources to them—even after their software has been developed. That’s because bug bounties work.”
Twitter: @ethicalhack3r • Website: dewhurstsecurity.com
Ryan Dewhurst has been professionally testing web applications for security issues since 2009. He has a BSc (Hons) in ethical hacking for computer security that he completed with first-class honors. Ryan is active in the information security community, contributing to various OWASP projects and releasing his own popular tools, such as Damn Vulnerable Web App (DVWA) and WPScan. In 2013, he was recognized by his peers when he was awarded the European Information Security Magazine Rising Star Award. Ryan has also appeared on the BBC and in many magazines and online publications for his work. In the past, he was known for identifying security issues in companies such as Facebook, Mozilla, Apple, and others while conducting independent security research.
If there is one myth that you could debunk in cybersecurity, what would it be?
Nothing is ever “secure.” There is always going to be someone smarter than you and with more resources. You could have done everything by the book—used a security development lifecycle (SDLC), had the software tested by a third ...