Elementool Bug Tracking Keeps Software Fixes on Course
By: Elementool, Inc.
Download this next:
Computer Weekly – 18 June 2019: Applying AI to road safety
By: TechTarget ComputerWeekly.com
Type: Ezine
In this week’s Computer Weekly, we visit a Tokyo project where artificial intelligence is helping to improve road safety by detecting potential subsidence. As bug bounty programmes become popular, we look at what’s involved and the pitfalls to beware. And we discuss digital development in healthcare with NHS England.
Also featured:
- In the second part of our buyer's guide to multicloud, we ask whether the benefits will end up being too hard-fought to make it viable for most enterprises.
- Lack of insight into external skills poses risks in terms of security and unaccounted spending.
- Native cloud operations can have a steep on-ramp in terms of enterprise IT readiness, but some things are relatively easy to port to a tier of storage in the cloud.
These are also closely related to: "Elementool Bug Tracking Keeps Software Fixes on Course"
-
CW ASEAN, November 2018: Blockchain is no 'magic wand' for security
By: TechTarget ComputerWeekly.com
Type: Ezine
Blockchain is all the rage, although the technology is so much more than just about bitcoin and cryptocurrencies. In this issue of CW ASEAN, we examine how blockchain is being applied in cyber security, and whether the technology is really as secure as claimed by its proponents.
Also in this issue:
Burden of data protection is on firms and governments, conference told
A senior executive at Singapore’s Cyber Security Agency has stressed the role of corporate data governance and government regulations in raising the bar on cyber security.
Bug hunters
Trend Micro’s Zero Day Initiative is a leading bug bounty program that shares software vulnerabilities with suppliers including Microsoft and Adobe.
Global IoT security standard an elusive goal
Despite the lack of a global internet of things security standard, existing security frameworks are on the same page in areas such as device upgradability and data stewardship.
-
Computer Weekly – 30 July 2024: CrowdStrike blue screen bug serves a stark warning
By: TechTarget ComputerWeekly.com
Type: Ezine
In this week’s Computer Weekly, we analyse the lessons from the global IT outage caused by the blue screen bug in CrowdStrike security software. We talk to the data chief of Barilla, the €4bn pasta maker, about the benefits of asking, “So what?” And we find out how Finland is taking a lead on quantum computing. Read the issue now.
Find more content like what you just read:
-
Calculating the ROI of Bug Bounty Engagements
By:
Type: Replay
Security ROI is top of mind for security and business leaders who need to quantify the impact of their investment. Line of sight into security ROI has always been hard, and adoption of crowdsourced security with a "pay for results" economic model (aka, bug bounty) adds additional considerations -- but also opportunities to show a tangible impact on the bottom line. Join our webinar featuring Paul Ciesielski and Jason Haddix as they discuss:
- The overall potential economic impact of bug bounty adoption
- How bug bounty potentially affects operational efficiency and traditional pen testing
- How to think about qualitative benefits
-
Frontline Tips for Managing a High-Performing Bug Bounty Program
By:
Type: Replay
A well-designed and purposefully run bug bounty program can have a tremendous impact on your organization's attack resistance. A few fundamental steps will help you hit the ground running, so you can successfully launch and maintain a high-performing bounty program. In this webinar, HackerOne’s field experts will walk you through what you need to know, drawing on their firsthand experience planning bug bounty programs for organizations ranging from federal governments to SMBs and global enterprises. You’ll learn how they set up customers for success and how mature programs operate to derive maximum value. Key takeaways:
- Pre-launch steps for an effective public or private bug bounty program
- Day-to-day operational practices to ensure consistent results and maximum ROI
- Real-world examples of how bug bounty programs drive hacker engagement and track results
- How HackerOne Bounty can help reduce recurring vulnerabilities by up to 98% and enable organizations to release secure products faster
-
Calculating the ROI of Bug Bounty Engagements
By:
Type: Replay
Security ROI is top of mind for security and business leaders who need to quantify the impact of their investment. Line of sight into security ROI has always been hard, and adoption of crowdsourced security with a "pay for results" economic model (aka, bug bounty) adds additional considerations -- but also opportunities to show a tangible impact on the bottom line. Join our webinar featuring Paul Ciesielski, Chief Revenue Officer at Bugcrowd, and Jason Haddix, CEO and Hacker of Arcanum Information Security, as they discuss:
- The overall potential economic impact of bug bounty adoption
- How bug bounty potentially affects operational efficiency and traditional pen testing
- How to think about qualitative benefits
-
#IMOS21 How To: Embark on a Bug Bounty Program
By:
Type: Talk
Bug bounty concepts have taken off in recent years with more and more organizations seeking to benefit from a variety of options now at their disposal. At the same time, vast numbers of researchers have increasingly taken to making their bug-hunting services available via crowdsourced offerings that seek to relieve the heavy lifting for organizations whilst providing effective results in the pursuit of tightening the security ship. Amid that backdrop, understanding, selecting and implementing the right bug bounty scheme for a specific business is key to garnering the potential benefits on offer. In this session, a leading bug bounty specialist will advise how to run an effective bug bounty program, from conception and introduction to ongoing maintenance and ensuring fruitful outcomes. Key takeaways:
- The benefits of a successful bug bounty program
- Understanding the various types of bug bounty options at your disposal
- How to ensure your organization gets the most out of a bug bounty program
-
5 Tips and Tricks for Running a Successful Bug Bounty Program
By:
Type: Replay
Bug bounties have continued to grab headlines over the past year - we’ve seen 40% growth in program launches during the past year. As bug bounty programs have become a necessity, so has understanding the nuances of how to make a bug bounty program successful. Running a successful bug bounty program starts far before the actual program launch and is a continuous process. If you're running your own, or starting with a vendor, what do you REALLY need to know? Join Cisco Meraki’s Bug Bounty Program Manager, Alexander Laliberte and Bugcrowd’s Sr. Manager of Solutions Architect, Grant McCracken for a panel discussion on:
- What a successful program looks like
- Practical tips for optimizing your bug bounty program
- What levers an organization can pull to see success
-
Axis Communications | Ask Me Anything: Bug Bounties and security success
By:
Type: Talk
Join Andre and Benjamin from Axis Communications, alongside Matthias from Bugcrowd, as they answer your questions on the impact of bug bounty programs on company security. From understanding the enormous benefits of bug bounties to exploring the best practices for scaling these programs effectively, this session offers a comprehensive look into leveraging crowdsourced security solutions for maximum impact. We’ll dive into:
- Scaling your program and enhancing security posture: Gain practical insights into scaling your bug bounty program and improving your company’s security posture over time.
- The impact on security: Discover how the bug bounty program has significantly enhanced Axis Communications’ security by identifying and fixing vulnerabilities before bad actors could exploit them.
- Hacker and program owner perspectives: Hear from hackers like Matt and program owners like Andre and Benjamin about what makes a bug bounty program successful and what both parties want to see.
- Future trends and best practices: Explore emerging trends in bug bounty programs and predictions for the future, including their role in mitigating threats and improving overall security.

Join us for an in-depth discussion and get actionable tips for optimizing your own bug bounty program to safeguard your organization’s security.
-
Beyond the Bounty - The Real Value for Hackers & Organizations
By:
Type: Replay
HackerOne’s Laurie Mercer will be joined by Jacob Mattsson, Security Lead at online gaming company Kindred Group, who recently went public with their bug bounty program, Baden Delamore, Product Security Lead at Deliveroo and up and coming hacker, Katie Paxton-Fear a.k.a @InsiderPHD. 3 Key Takeaways:
- How bug bounty insights have informed Kindred’s development processes
- What motivates the best bug hunters and keeps them coming back to your program
- Learn best practises of running a successful bug bounty program
-
Computer Weekly – 3 October 2023: Where next for quantum computing?
By: TechTarget ComputerWeekly.com
Type: Ezine
In this week's Computer Weekly, we talk to the head of Amazon's Braket quantum computing services about how the technology is progressing. We go behind the scenes at an ethical hacker event to find out how bug bounty programmes work. And we analyse the offerings of the major players in software-defined storage. Read the issue now.
-
How Security Researchers Strengthen the DOD's Security
By:
Type: Replay
On July 4th, 2022, Chief Digital and Artificial Intelligence Office (CDAO), Directorate for Digital Services (DDS), DoD Cyber Crime Center (DC3), and HackerOne publicly launched the Hack U.S. bug bounty challenge, allowing ethical hackers from around the globe to earn monetary rewards for reporting of critical and high vulnerabilities from within the DoD Vulnerability Disclosure Program (VDP) published scope. Watch this webinar to hear Corben Leo, a security researcher from the Hack U.S. program, discuss:
- How the Hack U.S. Bug Bounty Challenge was performed
- Results of the Hack U.S. Bug Bounty Challenge
- Key differences between VDP's and bug bounty programs
- How both VDP's and bug bounty programs can benefit your agency
-
Skroutz Ask Me Anything: Bug Bounties and security success
By:
Type: Talk
Join Skroutz CISO, George Papakyriakopoulos, and Bugcrowd Technical Program Manager, Matthias Held, as well as Robin Marte, ethical researcher on Bugcrowd, as they answer your questions on the impact of bug bounty programs on company security. From understanding the enormous benefits of bug bounties to exploring the best practices for scaling these programs effectively, this session offers a comprehensive look into leveraging crowdsourced security solutions for maximum impact. We’ll dive into:
1) Scaling your program and enhancing security posture: Gain practical insights into scaling your bug bounty program and improving your company’s security posture over time.
2) The impact on security: Discover how the bug bounty program has significantly enhanced Skroutz’s security by identifying and fixing vulnerabilities before bad actors could exploit them.
3) Hacker and program owner perspectives: Hear from hackers and program owners like George about what makes a bug bounty program successful and what both parties want to see.
4) Future trends and best practices: Explore emerging trends in bug bounty programs and predictions for the future, including their role in mitigating threats and improving overall security.

Join us for an in-depth discussion and get actionable tips for optimizing your own bug bounty program to safeguard your organization’s security.
-
Sophos Ask Me Anything: Bug Bounties - on demand session
By:
Type: Replay
Join Sophos CISO, Ross McKerchar, and Bugcrowd CEO, Dave Gerry, as they answer your questions on the evolution and significance of bug bounty programs. From defining bug bounties and exploring their key benefits to understanding the intricacies of running a successful program, this session offers a comprehensive look into how to leverage crowdsourced security solutions effectively. We’ll dive into:
- Getting started and growing your program: Gain practical insights into launching, expanding, and measuring the impact of bug bounty programs over time.
- Collaboration between hackers and organizations: Discover the relationship between the hacking community and organizations.
- Real-world examples and success stories: Hear about successful bug bounty programs and gain actionable tips for optimizing your own program.
- The future of crowdsourced security: Explore emerging trends and predictions for the future of bug bounty programs, including their role in mitigating ransomware threats.
-
Proactive Security: Software vulnerability management and beyond
By: TechTarget ComputerWeekly.com
Type: eGuide
In this e-guide we discover why modern security professionals are moving to a more pro-active approach to cyber defence, and how managing vulnerabilities is a key element of that.
-
Breaking Barriers: Introducing the Bug Bounty Lifecycle (EMEA)
By:
Type: Replay
We ingest bugs from our researchers, but how do we derive maximum value from every bounty that is paid for? Join Verizon Media as they walk through real scenarios of their Bug Bounty Lifecycle (BBLC) and gain an understanding of how to optimize your security efforts and make an organizational impact.
-
June Patch Tuesday 2018
By:
Type: Video
“April showers bring May flowers”—but did you know May flowers bring June bugs? A less known line from that poem for sure, but quite apt for a Patch Tuesday synopsis where software updates are the name of the game. This June there’s more grist for the mill, though there are fewer patches than we’ve seen of late. Take note of the fix for a new zero day targeting a Flash bug. And use this relative downtime to make sure your patch processes are in good working order. Remember: Meltdown and Spectre are back with all new bugs to banish from your IT environment.
-
Contrast Security Discovers Netflix OSS Genie Bug That Can Lead To RCE
By: Contrast Security
Type: Case Study
Vulnerabilities gone undetected are arguably the most dangerous threat to any organization. Contrast Assess aims to be at the forefront of the discovery process, continuously detecting and prioritizing vulnerabilities to guide dev teams on how to eliminate risks. Read this blog for a walkthrough of how they discovered an open-source system bug.
-
Bug Bounty Programs: What Are They and Do You Need One?
By:
Type: Talk
Bug bounty programs allow companies to leverage the potential of ethical hacking by offering monetary rewards to those who successfully discover and report any weaknesses or vulnerabilities within their digital assets. Join Diana Kelley and guests as they deep dive into bug bounty programs, how they work, and whether they are right for your organization.
-
Computer Weekly - 5 May 2020: The role of AI in the war against pandemics
By: TechTarget ComputerWeekly.com
Type: Ezine
In this week's Computer Weekly, we look at how AI and data science are supporting the global push to deal with the coronavirus pandemic. We reveal, and talk to, the man behind the world's first computer virus pandemic, the Love Bug. And we examine how the IT services market will change as a result of the current crisis. Read the issue now.
-
6 Key Benefits of Automation Platform for Secure Operations
By: Red Hat
Type: White Paper
To discover 6 security benefits of moving to Red Hat Ansible Automation Platform, tap into this white paper.
-
Adding a Bug Bounty Program to our Security Portfolio
By:
Type: Talk
Protection of the customer data entrusted to us is paramount. Yet daily, new threats arise and we employ a wide variety of tools and techniques to stay ahead of the bad guys. One such technique is a bug bounty program. Our program is managed by Bugcrowd and is a key part of our security portfolio, and we recently made the program public so that any security researcher can join. In a bug bounty program, white-hat hackers help find potential vulnerabilities that we can review and, as needed, remediate before they can be exploited by anyone else. In this webinar our panel of security experts will discuss why we decided to employ a bug bounty program, how it fits into our security portfolio, and how you too can join in on either side: hacker or hackee.
-
How to Protect Your IP While Accelerating Electronic Product Development
By:
Type: Replay
Join us for a live webinar where we'll showcase the capabilities of Altium 365 Organizational Security Package. Discover how you can protect your sensitive information and seamlessly integrate with existing security frameworks. What You Will Learn:
- Seamlessly integrate your Identity Management systems like SSO and MFA to enhance security and operational efficiency.
- Learn what events we track and utilize Altium 365 SIEM APIs to funnel these details into your existing SIEM system.
- Enhance security protocols with our IP whitelisting to ensure that only trusted traffic can access your network.
- Examine strategies to limit access by project, ensuring each team member and contractor has appropriate permissions without overarching access.
- Find out how unlimited cloud storage and project synchronization with Jira can streamline your design processes and improve project visibility.
- Learn about additional security measures and applications available, including how to support US government compliance with Altium 365 GovCloud.
- Explore the comprehensive features of Altium 365 Organizational Security Package.
-
Open Source Cybersecurity: Bug Bashes for Kubernetes Projects
By:
Type: Talk
The landscape of cybersecurity is rapidly changing in the open source world. Traditional, or “Legacy Attacks” used to target code downstream in open source code running in production, but the next generation of attacks is in manufacturing upstream Typo-squatting campaigns, Malicious Code Injection directly at source and Tool Tampering in development stream, all of which pose risks from the biggest corporations to the smallest hobbyist project as we all rely on the same open source ecosystems to do our work. To handle these attacks at scale, we’ve developed open source Bug Bashes, a gamified event where developers compete and collaborate to fix as many bugs as possible in participating open source projects. To date, we’ve had 30+ developers fix over 700 bugs on 9 CNCF projects, and we are expanding this to scale globally - focusing specifically on the Kubernetes ecosystem in the coming months. Join this talk to learn more about how these bug bashes are making the K8 projects you already use more secure, and how you might be able to get involved as a participating project or contributor.
-
Shorten your software vulnerability remediation by over 35%
By:
Type: Talk
Between looming deadlines and increased pressure to launch better products faster than the competition, modern-day developers have less time than ever before. Valuable time is often consumed by rework, debugging, and code maintenance - a recent survey found 38% of developers spend up to a quarter of their time fixing software bugs. Over half of developers say if they didn't have to spend so much time fixing bugs, they would have enough time to build new features and functionality. In this webinar, join experts from Bugcrowd, Secure Code Warrior, and TX Group, as they discuss:
- Why vulnerabilities continue to be an issue despite the use of scanning tools
- The importance of security testing as a component of the security workflow
- How to fix the traditional security training model
- How to help your developers find and fix vulnerability issues faster
- Steps to leverage crowdsourced security to optimise your security model

Join the discussion to hear how TX Group is addressing this challenge and pick up practical tips to help your development team today.
-
How LiveCompare helps improve the quality of your custom SAP code
By:
Type: Video
Bugs in your custom ABAP code can impact critical processes, costing your business time and money, and potentially damaging your reputation. These are a few of the many reasons why the quality assurance of custom ABAP code is gaining momentum among SAP developers and technology leaders alike. Detecting bugs early in development, before they’re moved across the landscape, minimizes cost and risk while boosting productivity.
-
How LiveCompare helps improve the quality of your custom SAP code
By:
Type: Replay
Bugs in your custom ABAP code can impact critical processes, costing your business time and money, and potentially damaging your reputation. These are a few of the many reasons why the quality assurance of custom ABAP code is gaining momentum among SAP developers and technology leaders alike. Detecting bugs early in development, before they’re moved across the landscape, minimizes cost and risk while boosting productivity.
-
LinkedIn's Journey to Building A Successful Bug Bounty Program
By:
Type: Talk
Join us in this WiCyS strategic partner webinar with LinkedIn for an exciting journey through the evolution of LinkedIn's bug bounty program. Discover the ins and outs of bug bounty programs, including our very own success story and invaluable lessons learned from transitioning our program from a small, private initiative to a public launch last year. Plus, gain insights into how you can kickstart your path to becoming a security researcher. Don't miss out!
-
All Your Data Belongs to You
By:
Type: Replay
HackerOne has enhanced data visualization and analysis capabilities. For many bug bounty programs, the functionality available through the dashboards is sufficient. Some programs however want to utilize their bug bounty program data as input to external tools such as custom workflows, report delivery, and Machine Learning. This talk demonstrates step-by-step how the robust HackerOne API can be utilized to securely access your program's data to power these and many other external applications.
-
How Conda Signature Verification Secures Your Software Pipeline from the Start
By:
Type: Video
Recent events have highlighted the importance of software supply chain trustworthiness and security. In this session, we discuss the content trust features in conda and the Anaconda Professional Repository. We’ll describe the design of conda's package signature verification functionality and its trust architecture, and identify the threats they protect against. Finally, we’ll highlight what’s next for Anaconda content trust as we continue to work to better secure the conda package ecosystem.
-
Transforming Security with Pentesting and Bug Bounties
By:
Type: Talk
Google, Apple and Microsoft awarded record-breaking prizes to bug hunters in 2022, with Google alone delivering $12m in bug bounties. During the same year, the pentesting industry disclosed over 25,100 vulnerabilities – a 4000 spike compared with the previous year. Now, in 2023, even tech darling OpenAI is betting big on bug bounties, offering up to $20,000 for ChatGPT users reporting vulnerabilities. Join this session to learn why organizations are increasingly adopting offensive cyber programs and the challenges that they face when incorporating them into their overall cyber-defensive posture.
- Understand why defensive cyber alone is not sufficient to prevent cyber-attacks
- Learn the differences between pentesting, bug bounties, red/blue/purple teaming
- Understand how to adapt these programs to your business
- Explore how offensive cyber programs will be critical to securing generative AI tools

Presenters: Jon Medvenics, Chief Hacker, Heretek | Katie Paxton-Fear, Ethical Hacker, Traceable | Donald Donzal, CMO, TCM Security & Founder, The Ethical Hacker Network | Hani Momeninia, Purple Team Operative, City Electrical Factors
-
Ask a Hacker in 2023
By:
Type: Replay
In this session, some of the world’s top ethical hackers share everything you've ever wanted to know. Hear about their most exciting find, learn about their strategies for identifying the most critical bugs to your organizations, and find out about what makes a successful ethical hacking program from their point of view. Key takeaways:
- Understand what motivates ethical hackers
- Learn their strategies for identifying the most business-critical bugs
- Get the tips for running a program that top ethical hackers will want to work on
-
Developer's Journey with Polaris
By:
Type: Talk
Join us for a deep dive into 'A Day in the Life of a Secure Code Developer' with Synopsys Polaris. In this upcoming webinar, we will explore how this developer-friendly software security platform is dedicated to keeping your code and open source libraries in your code secure. In this session we will demonstrate how Polaris:
- connects seamlessly with your SCM repositories and bug tracking systems
- automates scanning, centralizes issue management, and increases development velocity
- triggers scanning with the option to “break the build”

Polaris is the all-in-one platform optimized for the needs of development and DevSecOps teams.
-
A Good Data Analytics Program Relies on Good Data Ops
By: AllCloud
Type: Blog
Poor DataOps processes lead to inconsistencies that can cause your customers to question the quality of your data. Access this blog post to learn about 4 potential implications of ineffective DataOps & discover strategies for evaluating the current state of your process.
-
Legacy Virus’: How Not to Get Duped by Old Bugs
By:
Type: Video
As research has proved, old malware and viruses continue to be a prevalent pest for businesses. Why do old bugs and legacy virus’ continue to be a problem for businesses years after they are supposed to have ended, or been sinkholed? And who is controlling them? This session will question the advancement of defence tactics in light of the persistent threats. Has security ever advanced if such malware continues to persist? Why do the likes of Zeus and Conficker continue to bother businesses, years after they were supposed to have been defeated? What threats can old bugs legitimately pose?
-
Insights from Intel's Bug Bounty Program
By:
Type: Replay
Hear how bug bounty plays a role in Intel's security posture and how insights from their program lead to more secure products.
-
The Best Crawl, Walk, Run Approach to Bug Bounties
By:
Type: Replay
Our “Crawl, Walk, or Run” webinar will help you understand how companies of all sizes and security acumen can launch a bug bounty program at any pace. The webinar features Tara Hooey, a HackerOne program manager responsible for helping onboard and train new customers on everything from bounty structures to understanding program data and interpreting results. If the webinar title didn’t give it away, there’s an approach to starting your own bounty program no matter how big your team, how advanced your security apparatus, or how many resources you have to devote.
-
DBT Crowdsourced Security and DevOps: A Few Things You Probably Didn't Know
By:
Type: Replay
Crowdsourced security has its roots in the bug bounty movement, which emerged years ago. Since then, it's become much more versatile, enhancing numerous security workflows (pen testing, ASM, etc.), and for many adopters, joining the mainstream development lifecycle. In this webinar, you'll learn:
- About integrating crowdsourcing with your existing dev and security processes
- Modern use cases for crowdsourced security that go beyond bug bounty
- The difference between generalist crowds and curated crowds
- How it contributes to continuous, shift-left security
-
Ethical Hackers: Redefining The Security Landscape
By:
Type: Talk
As security breaches and attacks become more sophisticated and complex, managing your vulnerabilities and gaining a human perspective on your security gaps is an effective way to protect your attack surface. With 34% of ethical hackers and vulnerability researchers reporting that they have seen more bugs due to pandemic-driven Digital Transformation initiatives (HackerOne), now is the time to integrate a human element into your security controls. In this episode of The (Security) Balancing Act we’ll deep dive into the threat landscape, looking at why the insights of an outsider might be just what your organization needs. Join us as we discuss:
- The value ethical hackers and vulnerability researchers can bring to your organization
- Why ethical hackers and vulnerability researchers are more valuable now than ever before
- Considerations for crowdsourcing ethical hacking and penetration testing
- How bug bounty programs benefit companies and the research community
- What to know if you are thinking of launching a bug bounty program
- How ethical hackers and vulnerability researchers enhance vulnerability management
- The 2021 threat landscape
-
Ethical Hackers: Redefining The Security Landscape
By:
Type: Video
As security breaches and attacks become more sophisticated and complex, managing your vulnerabilities and gaining a human perspective on your security gaps is an effective way to protect your attack surface. With 34% of ethical hackers and vulnerability researchers reporting that they have seen more bugs due to pandemic-driven Digital Transformation initiatives (HackerOne), now is the time to integrate a human element into your security controls. In this episode of The (Security) Balancing Act we’ll deep dive into the threat landscape, looking at why the insights of an outsider might be just what your organization needs. Join us as we discuss:
- The value ethical hackers and vulnerability researchers can bring to your organization
- Why ethical hackers and vulnerability researchers are more valuable now than ever before
- Considerations for crowdsourcing ethical hacking and penetration testing
- How bug bounty programs benefit companies and the research community
- What to know if you are thinking of launching a bug bounty program
- How ethical hackers and vulnerability researchers enhance vulnerability management
- The 2021 threat landscape
-
Utilizing the Dataiku “App as Recipe” Feature to Make Your Flows Reusable
By:
Type: Talk
Often, in Dataiku projects, we’ll create a series of preparation steps that we’d like to “package” for reuse across other use cases or projects. The possibility of creating a standard reusable plugin works great for steps that we can easily translate into code, but does not help for chains of visual recipes that are very common in our DSS projects. Utilizing the Dataiku “App as Recipe” feature, it’s easy to create reusable packages consisting of any number of visual recipes which make it much easier for your team to reproduce common tasks.
-
Discover unknown vulnerabilities with crowdsourced security
By:
Type: Talk
Crowdsourced security refines and improves on the bug bounty concept, moving into the mainstream for numerous use cases, including penetration testing and attack surface management, to help solve problems that other approaches cannot. In this session you will learn about the drivers for, and value of, modern crowdsourced security, how to adopt and operationalize it gracefully and at scale, and why “crowd fear” is a red herring. Join our experts to discuss:
- How to leverage crowdsourced security in your security posture
- The benefits of using a bug bounty program
- The world of ethical hacking today
-
Crowdsourced Security and DevOps: A Few Things You Probably Didn't Know
By:
Type: Replay
SANS and Bugcrowd recently partnered up for a webinar which explored the versatility of crowdsourced security and the bug bounty movement. During the webinar SANS Certified Instructor and Author, Jorge Orchilles, and Bugcrowd’s Manager of Solutions Architecture, Kevin Hemmingsen, discussed:
- Modern use cases for crowdsourced security that go beyond bug bounty
- The difference between generalist crowds and curated crowds
- How crowdsourced security contributes to continuous, shift-left security
- How to think about integrating crowdsourcing with your existing dev and security processes
-
Attracting the Hacker -- Bug Bounty and Coordinated Vulnerability Disclosure
By:
Type: Video
In the past, IT was driving the tools for the business. Today, “the IT” no longer exists. Tools are selected and implemented by business users. The main driver is digital transformation supported by widespread, cheap and ubiquitous technology. At the same time traditional security also is being “digitally transformed” as these new landscapes also expand cyberspace attack surfaces. Ideally, companies have a well-established cyber defense; in reality, they are often reactive, slow and provide limited visibility of the attack surface, allowing hackers to be that one step ahead. That’s why companies should turn the tables and pay these hackers to challenge the security surrounding products and services. A bug bounty program supports this by opening a path for them to legally monetize their findings. Learning objectives:
1. Understand the benefits of including bug bounty programs into the vulnerability management process.
2. Explain to senior management why inviting hackers to "challenge" a company's products and services is not a risk but a chance.
3. Understand the requirements and challenges to set up a bug bounty program.
-
How A Bug Becomes A Fix (APAC)
By:
Type: Replay
From testing to vulnerability report, to validation, to CVSS, to security team, to developer...now what? In this session LINE will trace the path of a bug from hacker to fix and feed it back into the SDLC, and all the communication that happened along the way.