Building a Better Web
June 11–12, 2018: Training
June 12–14, 2018: Tutorials & Conference
San Jose, CA

Embracing vulnerability by empowering everyone to own security

Annie Lau (Trulia)
11:00am–11:40am Wednesday, June 13, 2018
Location: 210 C/G
Level: Non-technical
Secondary topics: Best practice, High-level, Web Pillars Track: Performance, Security, Accessibility

Who is this presentation for?

  • Anyone who wants to learn more about bug bounty programs, or who already runs one and is looking for shared experience and tips from a successful program

What you'll learn

  • Explore Trulia's bug bounty program and learn how to implement one at your company
  • Understand best practices for building relationships with top-ranked hackers and for building a company culture where everyone keeps security top of mind


High-profile hacks and data breaches have been headline news in recent years. It’s time for companies to double down on protection and security. Annie Lau shares best practices for preventing, managing, and tackling vulnerabilities, using engineering and product teams as a first line of defense.

Annie explores Trulia’s successes and challenges as she explains how to structure and use a bug bounty program to not only fix bugs but also extract actionable insights and use them to inform and influence engineering and product decisions and processes. Along the way, Annie details a case study on the company-wide impact of the company’s first patch-athon and the specific increase in fixed vulnerabilities that followed, covering how to successfully host one yourself and how to address vulnerabilities from a macro, company level. Beyond making security a natural priority for both engineering and product teams, Annie outlines how to structure a team to ensure there is cohesive communication when vulnerabilities are discovered and how to teach teams to build with vulnerabilities in mind.

If you hope to layer security processes and development throughout your organization, join Annie to learn actionable ideas and frameworks to roll out across your engineering, product, business and executive teams.

Annie Lau


Annie Lau is Manager of Software Engineering at Trulia, overseeing the company’s registration and API team, and is intimately involved with Trulia’s security team. She heads up Trulia’s bug bounty program, a collaboration with recruited hackers from all over the world with a singular goal—identify security vulnerabilities. Previously, Annie was the director of product development at Quinstreet, a vertical marketing company, where she led the mobile platform team and was the gatekeeper for all the PHP and Node.js common code. Annie holds a degree in computer science from UC Berkeley. She resides in the San Francisco Bay Area with her husband and two daughters. Outside of work, she enjoys spending time with her family, playing badminton, snowboarding, scuba diving, hiking, and biking.
