Combining the Power of Builders and Breakers in Cybersecurity - USENIX Enigma 2018

Explore the complex relationship between companies and security researchers in this 19-minute conference talk from USENIX Enigma 2018. Delve into the current state of the cybersecurity industry and its future challenges as Casey Ellis, Founder of Bugcrowd, examines the evolving dynamics of bug bounty programs. Gain insights into the strengths and weaknesses of both builders and breakers, and learn how their collaboration can be celebrated, controlled, and secured. Discover the potential risks and rewards of bug bounty partnerships, including trust-building strategies, regulatory considerations, and long-term rapport development. Understand the necessity of this "unlikely romance" in defeating cyber attackers and shaping the future of security assessment. Examine the growth of bug bounties, their safety concerns, and real-world case studies. Learn key takeaways for successful vulnerability disclosure programs, including aligning expectations, effective communication, and proper incentivization. Conclude with a call to action for improving the cybersecurity landscape through collaborative efforts between companies and security researchers.