Combining the Power of Builders and Breakers

Wednesday, January 17, 2018 - 2:00 pm–2:30 pm

Casey Ellis, Founder of Bugcrowd


The current state of the industry and “what happens next” is keeping security practitioners up at night. The interaction between companies and security researchers is a fragile equation: can they like each other or should they hate each other? Or both?

Questions around this love/hate relationship and its future abound, including: If we like each other, what are our groups’ strengths and weaknesses? How can this newly formulated partnership be celebrated? Controlled? Secured? When the honeymoon period is over, what happens if things go wrong? Can potential issues be predicted before we agree to partner together? How is trust established: Have we asked the right questions? How do we build long-term rapport and respect? What regulations or legislation, if any, do we need to learn and follow?

One misstep in a bug bounty program could shut down this harmonious “marriage,” but at the same time, more and more companies are taking on this perceived risk because they see that this new way of doing things is necessary and inevitable. Arming companies with more ammunition is necessary to defeat their attackers.

If we make it through this fragile security landscape, what will that future look like?

Our current approach to security assessment is inherently flawed. In this talk, Casey will examine how we got here, and how the "unlikely romance" between whitehats and enterprise organizations is changing everything.

@inproceedings {208165,
author = {Casey Ellis},
title = {Combining the Power of Builders and Breakers},
booktitle = {Enigma 2018 (Enigma 2018)},
year = {2018},
address = {Santa Clara, CA},
url = {},
publisher = {{USENIX} Association},