I spoke about the pro’s and con’s of bug bounty programs with Mike at CrikeyCon 2017. This is a community-led conference targeting those with an interest in information security around South East Queensland and beyond.
Talk description
Over the past decade we’ve seen the rise of crowdsourcing disrupt established industries across a number of sectors. With bug bounties and the “bug bounty companies” that have commercialised them many have predicted that the days of the “traditional” pen test are numbered. If you believe the cyber thought leaders, the shift to a crowdsourced future for hackers is inevitable. But how much of this is hyperbole fueled by VC-funded startup marketing departments?
This talk will explore the economics of “success-based” testing models, the viability of these models in the market beyond Silicon Valley tech and whether the traditional testing model and the crowdsourced testing model are even mutually exclusive to begin with.