There are numerous methods available to uncover and identify operational weaknesses and functional vulnerabilities in both software applications and hardware systems. One manner in particular—running a bug bounty—has become one of the more popular methods in recent years as it can quickly scale to the scope of the environment being evaluated [covering breadth] while also matching expert researchers to specific functional areas of the operational environment to ensure the most covert weaknesses are exposed [encompassing depth]. As with most vulnerability testing methods, the goal is to find and fix these issues before a bad actor does it on the company's behalf.
Bug bounties—well, application security overall—is a topic near and dear to my heart. I've helped craft one of the early bug bounty reports, hosted many podcasts and webcasts on this topic, and I’ve even led a panel at AppSec USA. One more sign that I am deep into this topic area is that I often make this joke (which isn't laughable, I suppose):
“Every company is running a bug bounty; many don’t know it and don’t have a formal disclosure process in place.” — Sean Martin
With this mindset and background in place, you'll understand why I was excited for two things happening during this year's Hacker Summer Camp excursion:
- An opportunity to meet—in person—someone leading the bug bounty charge for quite some time: Kymberlee Price, Principal Security PM Manager - Microsoft Security Response Center's Community Programs
- To explore and discuss the dedicated Bug Bounty micro-summit during Black Hat USA 2019
Fortunately, both of these activities came together in a single setting during Black Hat, as Marco and I got to meet Kymberlee not only to discuss the micro-summit, but also to hear about her journey in InfoSec and her role in establishing some of the best practices being leveraged by the industry for some time now—specifically via her work at Microsoft, at Bugcrowd, and at Microsoft (again).
I loved having this conversation and hearing Kymberlee's story.
Now it's your turn to hear it. Have a listen.
Guest(s)
Kymberlee Price
Resources
Want more from Hacker Summer Camp 2019 in Las Vegas? Follow all of our coverage here: https://www.itspmagazine.com/black-hat-2019-and-de…
Looking for more conversations from Las Vegas? You can find those here: https://itspmagazine.com/itsp-chronicles/chats-on-…