Overview
Explore a comparative analysis of software vulnerability discovery processes employed by hackers and testers in this 21-minute IEEE conference talk. Delve into the findings of a semi-structured interview study involving 25 participants from both groups, examining their methods, skill development, and challenges faced. Gain insights into the similarities in processes but differences in outcomes due to varying experiences and security knowledge. Discover recommendations for enhancing security training for testers, improving communication between hackers and developers, and optimizing bug bounty policies to encourage hacker participation. Learn how understanding this ecosystem can lead to more secure software releases and a more effective vulnerability discovery landscape.
Syllabus
Hackers vs. Testers: A Comparison of Software Vulnerability Discovery Processes
Taught by
IEEE Symposium on Security and Privacy