A Look Inside: Bug Bounties and Pen Testing

A Look Inside: Bug Bounties and Pen Testing

As more organizations turn to bug bounty programs, versus penetration testing, to weed out vulnerabilities in their products we ask Christie Terrill,

Microsoft dives down a bizarre non-cumulative rabbit hole with July patches
AWS Sends Noise To Signal: You Can’t Use Our Servers To Beat Censors
‘Unprecedented’ DNS Hijacking Attacks Linked to Iran

As more organizations turn to bug bounty programs, versus penetration testing, to weed out vulnerabilities in their products we ask Christie Terrill, partner at Bishop Fox, what she sees as the pros and cons of either approach.

Threatpost’s Lindsey O’Donnell also asks Terrill what kind of companies are best suited for bug bounty programs versus conducting their own penetration testing? Terrill also addresses what these methods mean for vulnerability disclosures and the legal nuances and complexities behind bug bounty programs.

Go to Source

COMMENTS