Bug bounty programs: A tool you should have in your cyber security arsenal

From the Advice Worth Keeping podcast series
Hosted by Stan Lepeak, Global Research Director,
KPMG LLP Management Consulting

Looking for a way to find bugs and vulnerabilities in your Internet-related infrastructure as quickly as possible, at the lowest possible cost? Bug bounty programs may well be a valuable solution your information security team should embrace.

Bug bounty programs leverage the available time of highly talented, non-employee security researchers to identify and responsibly inform you of information security issues they find on your terms.

While the original "Bugs Bounty" program was created back in 1995 by a technical support engineer at Netscape Communications Corporation, the concept more recently gained attention from information security executives and professionals.

In this first of two podcasts on bug bounty programs, Caleb Queern, a security services-focused member of KPMG’s Advisory group, sat down with Stan Lepeak to discuss:

• The three players in the bug bounty ecosystem
• The misconceptions about bug bounty programs
• Appropriate bug bounty scope, including websites, application program interfaces (APIs), and Internet of Things offerings.

Duration: Less than 10 minutes.  Activate the recording with the play button over the image.

Additional insights

Listen to the second podcast in this series by Caleb Queern, Bug bounty programs: How to make them successful for your business.

Listen to more Advice Worth Keeping podcasts from Caleb Queern on cyber security.

Discover how bug bounty is being used to identify security issues in medical devices read:

The time to address medical device cybersecurity is now

Is teaming the key to medical device cyber security?

Explore KPMG's cyber security services.

For more Advice Worth Keeping, view the full list of podcasts and visit the Reality Check blog.

Subscribe via iTunes

Subscribe via RSS