
Uncover the vulnerability and exploit internally, don’t rely on bug bounties alone

posted on September 6, 2019
by l33tdawg

L33tdawg: Got bugs? Come to #HITBCyberWeek in October. Katie will be there for Driven2Pwn!

Cyber security professionals are often male and white. So it was an interesting experience this week to interview a woman expert, Katie Moussouris, who is adept in vulnerability disclosures and a pioneer in bug bounty programmes.

She believes that bug bounties are good but should only be used as a way to discover the well-hidden vulnerabilities and exploits that in-house security experts cannot find. A security vulnerability is an error in an IT system that can be exploited by an attacker to compromise the confidentiality or integrity of the system or to deny legitimate user access to a system.

To detect and report the vulnerabilities so that they can be fixed, organisations offer rewards to individuals who report such errors. These rewards are called bug bounties. Moussouris believed strongly that organisations should not use bug bounties as a lazy way to detect vulnerabilities, at least not before trying to find some of the loopholes themselves.

She was speaking to Techgoondu on the sidelines of the GSEC security conference, organised by Hack in the Box. 
