Building a Better Web
June 11–12, 2018: Training
June 12–14, 2018: Tutorials & Conference
San Jose, CA

Embracing vulnerability by empowering everyone to own security

Annie Lau (Trulia)
11:00am–11:40am Wednesday, June 13, 2018
Location: 210 C/G
Secondary topics:  Best practice, High-level, Web Pillars Track: Performance, Security, Accessibility
Average rating: 4.88 (8 ratings)

Who is this presentation for?

  • Anyone who wants to learn more about bug bounty programs or those who have one and are looking for shared experience and tips from a successful program

What you'll learn

  • Explore how we improved security posture at Trulia by leveraging bug bounty data
  • Understand best practices for building relationships with top-ranked hackers and for building a company culture where everyone keeps security top of mind


High-profile hacks and data breaches have been headline news in recent years. It’s time for companies to double down on protection and security. Annie Lau shares best practices for preventing, managing, and tackling vulnerabilities, using engineering and product teams as a first line of defense.

Annie explores Trulia’s successes and challenges as she explains how to structure and use a bug bounty program to not only fix bugs but also extract actionable insights and use them to inform and influence engineering and product decisions and processes. Along the way, Annie details a case study on the company-wide impact of the company’s first patch-athon and the specific increase in fixed vulnerabilities that followed, covering how to successfully host one yourself and how to address vulnerabilities from a macro, company level. Beyond making security a natural priority for both engineering and product teams, Annie outlines how to structure a team to ensure there is cohesive communication when vulnerabilities are discovered and how to teach teams to build with vulnerabilities in mind.

If you hope to layer security processes and development throughout your organization, join Annie to learn actionable ideas and frameworks to roll out across your engineering, product, business and executive teams.

Annie Lau


Annie Lau is manager of software engineering at Trulia, where she oversees the company’s registration and API team and is intimately involved with Trulia’s security team. She also heads up Trulia’s bug bounty program, a collaboration with recruited hackers from all over the world with a singular goal—identify security vulnerabilities. Previously, Annie was the director of product development at Quinstreet, a vertical marketing company, where she led the mobile platform team and was the gatekeeper for all the PHP and Node.js common code. Annie holds a degree in computer science from UC Berkeley. She resides in the San Francisco Bay Area with her husband and two daughters. Outside of work, she enjoys spending time with her family, playing badminton, snowboarding, scuba diving, hiking, and biking.