Measuring and Maximizing Crowdsourced Vulnerability Discovery
There are many crowdsourcing vulnerability discovery techniques available today, making it difficult for testers to choose an approach that finds important vulnerabilities while offering the best bang for the buck. Join Mike Shema as he shares several years of real-world data that will help you understand the different discovery techniques, such as bug bounty programs and scanners, and the best time to use each technique. Mike also will discuss how your approach may change according to your lifecycle, and ways to think about integrating security within that process. You'll see how metrics play a pivotal role in determining where to focus your time in order to work as efficiently as possible while achieving the best results. Learn three key measures that help drive risk-based decisions while balancing your team’s efforts with the stakeholders’ need for information. You'll leave with new strategies to better use the power of crowdsourcing to find and fix important vulnerabilities in your systems.