How building a better hacker accidentally built a better defender

DerbyCon 4.0 - Family Rootz

Presented by: Casey Ellis (@caseyjohnellis)
Date: Saturday September 27, 2014
Time: 16:00 - 16:50
Location: Track 3

Today‰s cybersecurity battle is not a fair fight: the cyberthieves‰ growing in numbers and sophistication on a daily basis‰ are overwhelming today‰’s enterprises and their dated practices of in-house and scheduled penetration testing. As a result- enterprises are turning to crowdsourced security programs known as bug bounties to accelerate their software testing and the triaging and repair of resulting vulnerabilities. Bug bounties are ‰the wisdom of the crowd‰ applied to software testing. They are also a great training ground to make product development teams more ‰security-aware.‰ Tapping the crowd for security testing builds better hackers and a better application testing discipline for enterprises- leading to safer products that make it to market faster than with traditional testing methods.By putting the numbers- expertise- motivation and speed of the crowd to work in your favor- a bug bounty program will give your enterprise the tools and process to rapidly test your product and discover and fix flaws in record time. In this talk- CEO and Co-founder of Bugcrowd- Casey Ellis- will explain how bug bounties work and will share case studies that show how these programs have changed the enterprise security model. He will outline how enterprises can tap into the talents of over 10- 000 active researchers to help defend against the volume and complexity of today‰s cyber threats.

Casey Ellis


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats