Effective collaboration with ethical hackers community
Evgenia Broshevan, CEO of HackenProof
October 2nd, 2019
Trends
● 3.5 million unfulfilled security positions worldwide by 2021.
● Cyber incidents are leading global business risks in 2019.
● By 2022, automated and Crowdsourced Security Testing Platform products and services will be employed by more than 50% of enterprises, up from less than 5% today.
How can a hacker contact you?
External Feedback
Security Measures
Vulnerability Disclosure Policy
● Guidelines for vulnerability disclosure
● See something? Say something!
● No cash rewards
● Independent researchers
● Various backgrounds
● Ongoing
● Compliance (ISO 29147, ISO 30111)
Penetration Testing
● Traditional approach
● Consulting arrangement
● Fixed project price
● Limited in number of researchers
● Limited in skills
● Limited in time
● Compensation based on process
Bug Bounty Program
● Crowdsourced approach
● Terms and Conditions
● Cash rewards
● Hundreds of researchers
● Various backgrounds
● Ongoing
● Compensation based on bugs
Where does it fit?
* Based on “The Building Security in Maturity Model” by Gary McGraw, Ph.D., Sammy Migues, and Jacob West
* Based on the ENISA report “Economics of vulnerability disclosure” by Erik Silfversten, William Phillips, Giacomo Persi Paoli (RAND Europe) and Cosmin Ciobanu (ENISA)
Types of Crowdsourced Security
Type / Feature: Incentive; Access; Scope; Duration
● Responsible Disclosure: Recognition; Public; Full Coverage; Continuous
● Public Bounty: Monetary; Public; Full Coverage; Continuous
● Private Bounty: Monetary; Private; Full/Partial Coverage; Continuous
● Time Bound Bounty: Monetary; Private/Public; Specific Target; 1-2 months
● Live Hacking: Monetary; Private; Full Coverage; 1-3 days
Bug Bounty History
93% of the Forbes Global 2000 have no public way to report a vulnerability
Bug Bounty Across Industries
● Auto industry
● Financial services
● Banks
● Security utilities
● Tech
● Social networks
Vulnerability Disclosure in Government Sector
Country: Dates; Type; Hackers; Bugs; Bounty Budget
● USA: March 2016 - now; Bug Bounty; 1400; 3,000; $330,000
● Singapore: December 2018 - January 2019; Bug Bounty; 400; 26; $11,750
● Switzerland: February 2019 - March 2019; Bug Bounty; 1000+; 67; $150,000
● European Union: January 2019 - now; Bug Bounty; 100+; 200+; $973,000
● Netherlands: January 2013 - now; VDP
● United Kingdom: November 2018 - now; VDP
● France: Announced
Bug Bounty in Ukraine
Live Hacking Events
● Events: ~28
● Payouts: ~5+ mln
● 1 Day Rewards: 1+ mln $
● 1 Bug Reward: 500K $
Live Hacking Events in Ukraine
● 2017, Kharkiv: 25 hackers, 4 companies, 60 reports
● 2018, Kyiv: 25 hackers, 3 companies, 102 reports
● 2019, Kyiv: 12 hackers, 1 company, 54 reports
Myths and Facts
● Myth #1: Hackers can’t be trusted
● Myth #2: Some important data can be stolen during a bug bounty program
● Myth #3: Bug bounty programs attract additional attention from hackers
● Myth #4: Bug bounty program is a very risky action
Why Think About Bug Bounty Today
● Eliminate critical vulnerabilities from your product
● Learn what hackers know about your software and security
● Reduce the risk of cybercriminals by using ethical hackers to find bugs first
● Get continuous feedback about your security
Evgenia Broshevan
CEO of HackenProof
e.broshevan@hackenproof.com
@jerh17
Be proactive, not reactive!