This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
View analytic
Thursday, May 11 • 12:25 - 13:10
The Flaws in Hordes, The Security in Crowds

Sign up or log in to save this to your schedule and see who's attending!

Feedback form is now closed.
The crowdsourced security model has been embraced by organizations running bug bounty programs. These programs are intended to discover and resolve vulns in production applications, but too often they deviate from an effective part of the security development lifecycle into a source of noise. This presentation questions what role such programs have in improving security and the pitfalls they pose for security budgets. It covers strategies for keeping a program focused on positive, risk-based contributions to development and avoiding the traps that make it a distraction.

The presentation also explores what the emergence of bounty programs implies about trends in appsec automation and where major gaps remain. Tools must remain part of any crowdsourced security model. From budgeting to communications, there are more challenges to building a useful appsec program than just determining whether a bug exists.

avatar for Mike Shema

Mike Shema

VP SecOps & Research, Cobalt.io
Mike Shema is VP of SecOps and Research at Cobalt.io, where he organizes crowdsourced pen tests. Mike's experience with information security includes managing product security teams, building web application scanners, and consulting across a range of infosec topics. He's shared t... Read More →

Thursday May 11, 2017 12:25 - 13:10
Waterfront Center: Hall 2B

Attendees (16)