
IDG Contributor Network: Risk vs reward: how to talk about bug bounty programs

Discussion in 'CSO' started by RSS, Feb 3, 2016.

  1. RSS


    As someone who is just entering the industry, perhaps you think more progressively and are willing to consider non-traditional programs.

    Maybe you think your enterprise would benefit from a bug bounty program, but you don’t quite know how to convince your team, your management, or your board that the risks of not investing in a bug bounty program may very well outweigh the rewards of working with an outside researcher.

    Casey Ellis, co-founder and CEO at Bugcrowd, offers some advice on how to approach the conversation.

    Bugcrowd put out a new report on the breakdown of what a bug actually costs a company, the priority that should be placed on vulnerabilities (P1 through P5), ways companies can budget for these bugs, and how a new approach is changing the security landscape.
