Building a Better Web
June 11–12, 2018: Training
June 12–14, 2018: Tutorials & Conference
San Jose, CA

Embracing Vulnerability by Empowering Everyone to Own Security

Annie Lau (Trulia)
11:00am–11:40am Wednesday, June 13, 2018
Location: 210 C/G Level: Non-technical
Secondary topics:  Best practice, High-level, Web Pillars Track: Performance, Security, Accessibility

Who is this presentation for?

Manager of Software Engineering

Prerequisite knowledge

Anyone who wants to learn more about bug bounty programs, or those who have one and are looking for shared experience and tips from a successful program.

What you'll learn

Understanding of what a bug bounty program is Things to consider when making and maintaining a program Best practices in building relationships with top-ranked hackers How to build a company culture where everyone keeps security top of mind


High-profile hacks and data breaches have been top of news in recent years. It’s time for companies to double down on protection and security. Annie Lau, a manager of software engineering at Trulia, will share best practices on preventing, managing and tackling vulnerabilities, using engineering and product teams as a first line of defense.

Via Trulia’s successes and challenges, Annie will discuss how to structure and use a bug bounty program to not only fix bugs, but extract actionable insights and use them to inform and influence engineering and product decisions and processes. Additionally, Annie will share a case study on the company-wide impact of the company’s first patch-athon, the specific increase in fixed vulnerabilities following the patch-athon, how to successfully host one, and how to address these issues from a macro, company-level.

Beyond making security a natural priority for both engineering and product teams, Annie will also walk through how Trulia structures each team to ensure there is cohesive communication when vulnerabilities are discovered, and how to teach teams to build with vulnerabilities in mind.

If you hope to layer security processes and development throughout your organization, join Annie to learn actionable ideas and frameworks to rollout across your engineering, product, business and executive teams.

Photo of Annie Lau

Annie Lau


Annie Lau is a manager of software engineering for Trulia. In this role she manages the registration and API team at Trulia. She also manages the company’s bug bounty program.

Prior to joining Trulia, Annie worked for several years at Quinstreet Inc., a vertical marketing company. There, she was the director of product development. She led the mobile platform team and was the gatekeeper for all the PHP and NodeJS common code.

Annie has a degree in computer science from UC Berkeley. She resides in the San Francisco Bay Area with her husband and two daughters. Outside of work, she enjoys spending time with her family, playing badminton, snowboarding, scuba diving, and hiking and biking.

LinkedIn Profile:

Leave a Comment or Question

Help us make this conference the best it can be for you. Have questions you'd like this speaker to address? Suggestions for issues that deserve extra attention? Feedback that you'd like to share with the speaker and other attendees?

Join the conversation here (requires login)