Combining the Power of Builders and Breakers in Cybersecurity - USENIX Enigma 2018
USENIX Enigma Conference via YouTube
Overview
Explore the complex relationship between companies and security researchers in this 19-minute conference talk from USENIX Enigma 2018. Delve into the current state of the cybersecurity industry and its future challenges as Casey Ellis, Founder of Bugcrowd, examines the evolving dynamics of bug bounty programs. Gain insights into the strengths and weaknesses of both builders and breakers, and learn how their collaboration can be celebrated, controlled, and secured. Discover the potential risks and rewards of bug bounty partnerships, including trust-building strategies, regulatory considerations, and long-term rapport development. Understand the necessity of this "unlikely romance" in defeating cyber attackers and shaping the future of security assessment. Examine the growth of bug bounties, their safety concerns, and real-world case studies. Learn key takeaways for successful vulnerability disclosure programs, including aligning expectations, effective communication, and proper incentivization. Conclude with a call to action for improving the cybersecurity landscape through collaborative efforts between companies and security researchers.
Syllabus
Introduction
What is a bug bounty?
The first documented bug bounty program
The future of the Internet
The growth of bug bounties
Is it safe?
Bug bounty programs
Public case study
Who are they?
Takeaway
Vulnerability Disclosure
Crawl Walk Run
Align Expectations
Communication
Cash is King
Call to Action
Taught by
USENIX Enigma Conference