How many bug bounty programs does your organization run currently?

Leadership Architecture

021%

131%

232%

3-513%

5+1%

215 PARTICIPANTS

950 views1 Upvote3 Comments

Sort by:

Director of Information Security in Energy and Utilities4 years ago

Kind of curious how come this question came up? Is each vendor being considered a different bug program vs. 1 program with multiple vendors participating in it? Logically speaking the answer should only be 1 or 0 in this particular question.

2 2 Replies

no title4 years ago

Good point. I'd imagine it is the former -- <mention id="603d4689570285000131b2b6" displayname="Breonna Burrell"></mention> can chime in here since she was at BugCrowd.

no title4 years ago

<mention id="5e8620fbd36e1d153ea665d4" displayname="anatoly Chikanov"></mention> Yes closer to your first point - I noticed that most customers would run multiple program types with specialized focuses. For example, one of our enterprise car manufacturing customers would run different programs for different vehicle types as they each use their own specialized software/hardware. There are times, however, where a large customer will want to run one large, open scope program and separate bug issues on a Target level within the program itself. When I set up programs, my focus was really on the individual customer's preference and security strategy.

Content you might like

Which key pentesting capability do current AI-driven vendor solutions most fail to cover?

We are in a world obsessed with the latest technologies, where it seems everything even working should be updated or upgraded to avoid the "imposed" in my opinion "digital obsolescence myth". How inclined are you towards innovation and change when the existing systems are certainly working effectively?

Very inclined: I believe in constantly pushing for innovation and improvement, even if the current systems are effective46%

Moderately inclined: I'm open to innovation and change, but only if it clearly enhances or adds value to the existing systems48%

Not inclined: If the current systems are working effectively, I prefer to maintain stability and avoid unnecessary changes5%

View Results

Why do you think there are so few mature AI-driven autonomous pentesting solutions on the market, and why does this topic seem to generate more hype than in-depth technical discussion?

Is footprinting an effective way to do vulnerability management?

Very effective1%

Somewhat effective52%

Slightly effective31%

Slightly ineffective8%

Somewhat ineffective3%

Not at all effective

Not sure yet1%

View Results

Can you share any tips for new security leaders to identify blind spots in their organization? How have you approached this when starting a new role in the past?

How many bug bounty programs does your organization run currently?

Sort by:

Content you might like

Which key pentesting capability do current AI-driven vendor solutions most fail to cover?

Why do you think there are so few mature AI-driven autonomous pentesting solutions on the market, and why does this topic seem to generate more hype than in-depth technical discussion?

Is footprinting an effective way to do vulnerability management?

Can you share any tips for new security leaders to identify blind spots in their organization? How have you approached this when starting a new role in the past?

What sets us apart?

RELATED ONE-MINUTE INSIGHTS

How are U.S. CISOs Addressing Liability Risk?

CrowdStrike Outage: Impact And Recovery

2024 Product Management Priorities and Challenges

Data-Driven Customer Experience: Uniting D&A and CX Teams

Navigating Economic Uncertainty in 2024: IT Leader Perspectives

Take Your Insights On-the-Go