From the Advice Worth Keeping podcast series
Hosted by Stan Lepeak, Global Research Director,
KPMG LLP Management Consulting
If your information security team recommends instituting a “bug bounty program,” they’re not advocating that you unleash hordes of hackers to find vulnerabilities in your Internet-related infrastructure. Rather, they’re suggesting a modern method of utilizing external, professional security researchers to help reduce information security risks.
While the goal of bug bounty programs is to provide “more eyes and hands on the information security keyboard” in order to quickly and cost-effectively identify and report bugs and vulnerabilities, their success is rooted in multiple factors.
In this second of two podcasts on bug bounty programs, Caleb Queern, a security services-focused member of KPMG’s Advisory group, sat down with Stan Lepeak to discuss:
- Why it’s important to define the scope and parameters of your bug bounty program
- Why starting small and scaling up over time will reap the best rewards
- The checklist for helping ensure bug bounty program success. These include pre-kickoff communications among development, operations, and customer service teams, the types and/or volumes of vulnerabilities you’re currently seeing, and the metrics you’ll use to demonstrate the value of the program to management.
Duration: Approximately 10 minutes. Activate the recording with the play button over the image.
Listen to the first podcast in this series by Caleb Queern, Bug bounty programs: A tool you should have in your cyber security arsenal.
Access more Advice Worth Keeping podcasts from Caleb Queern on cyber security.
Explore KPMG's cyber security services.
For more Advice Worth Keeping, view the full list of podcasts and visit the Reality Check blog.
Subscribe via iTunes
Subscribe via RSS