SC 83: Bug Bounty Programs: Trends in Developing Secure Software with SANS John Pescatore

Published: Jan. 13, 2016, 10:22 p.m.

In the push to launch mission-critical applications, insecure software often makes it into production. Sometimes hackers find the gaps and exploit vulnerabilities. Now new approaches are leading to continuous vulnerability testing by 'hackers.'

Through crowdsourcing and bug bounties, Secure Systems Development Life Cycle (SDLC) principles are being enhanced and developers' mindsets are being changed.

Code quality and efficiency improved as a result. In this conversation, SANS Institute Director of Emerging Security Trends John Pescatore tells Security Current's Vic Wheatman what some CISOs and application developers have found by moving in this direction.