Risky Business #268 -- Outsource your bug bounty program?

A novel approach to crowdsourced security QA...
February 8, 2013 -- 

This week's feature interview is with Casey Ellis of BugCrowd.com -- a new business that runs outsourced bug bounty programs. It's a great idea and it's one that I personally think will really take off over the next couple of years.

This week's show is brought to you by our good friends at Adobe.

Adobe's director of product security and privacy Brad Arkin will be along a bit later on with an update on the phantom 0day issue the company experienced last year, as well as filling us in on some efforts designed to combat spearphishing attacks that use dodgy Flash objects embedded in Office files. It's more interesting than it sounds!

Adam Boileau is back in the news seat for a chat about recent headlines. You can find links to all the articles we discussed here.

Comments

droplar's picture

The bounty program has been doing pretty well. They will have to get used to with it. - Lindsay Rosenwald

Anonymous (capital A)'s picture

LOL so no comment by Adobe's lolsecurity director on the entirely non-phantom Coldfusion 0day they definitely didn't get compromised with themselves?

Bobby's picture

Welcome back, great stuff as always!

What is the music at the end of the show? It's awesome :)

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.

More information about formatting options

CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.
Image CAPTCHA
Enter the characters shown in the image.