Overview
Explore the complexities of crowdsourced security models and bug bounty programs in this 40-minute conference talk from AppSec EU 2017. Examine the intended benefits of these programs in discovering and resolving vulnerabilities in production applications, while critically analyzing their potential drawbacks and the ways they deviate from an effective security development lifecycle. Learn strategies for maintaining a focused, risk-based approach that contributes positively to development, and for avoiding the common pitfalls that turn these programs into distractions. Delve into the implications of bounty programs for appsec automation trends and identify the gaps that remain in the field. Gain insights into the broader challenges of building a useful appsec program, including budgeting and communication, beyond mere bug identification. This talk, presented by Mike Shema and published by the official OWASP Media Project, offers a comprehensive look at the flaws and strengths of crowd-based security approaches.
Syllabus
AppSec EU 2017: The Flaws In Hordes, The Security In Crowds by Mike Shema
Taught by
OWASP Foundation