After many years of friction, software organizations and hackers are finally working together to find, report, and fix vulnerabilities using a wide range of bug bounty and incentive programs. The leading organizations embracing this collaborative approach have seen dramatic improvements to their security response capabilities. Enabling a distributed pool of talented hackers to augment their internal teams helps offset a significant shortfall in the security workforce. These organizations recognize that bulletproof security is a delusion and adopt a continuous, collaborative approach to improvement.
But how effective are these programs? Alex Rice offers an overview of an advanced framework for assessing the performance of these programs and quantifying their impact on your security development lifecycle. The framework is based on a weighted index that looks at six dimensions—hacker breadth, depth, vulnerabilities found, response efficiency, reward competitiveness, and signal ratio analysis—drawn from an analysis of aggregate vulnerability coordination data from more than 500 organizations. Whether you already run an active bug bounty program or still have your security@ address route to /dev/null, Alex will help you shed blind dogma; you’ll walk away armed with an analytical approach to building a highly effective vulnerability coordination program.
Alex Rice is a cofounder and chief technology officer at HackerOne, which provides a platform that enables organizations to build strong relationships with a community of security experts. Alex is responsible for developing the HackerOne technology vision, driving engineering efforts, and counseling customers as they build world-class security programs. Previously, Alex worked at Facebook for over six years, where he founded the product security team, built one of the industry’s most successful security programs, and introduced new transport layer encryption used by more than a billion users. Alex also serves on the board of the Internet Bug Bounty, a nonprofit organization that enables and encourages friendly hackers to help build a more secure Internet.
©2016, O'Reilly Media, Inc.