Before you high-five yourselves for setting up that bug bounty, you've got the staff in place to actually deal with security, right?

Katie Moussouris speaks out on modern-day flaw finding and infosec jobs


Disclosure Bug-bounty pioneer Katie Moussouris has urged companies to hire the necessary staff to handle vulnerability disclosures before diving headlong into handing out rewards.


Likening the process to digestion, the CEO of Luta Security said many companies launch bounty programs without the ability to properly process bug reports and use them to improve the security of their software beyond patching over individual issues. As a result, the company's developers receive a flood of reports for basic flaws, such as denial-of-service or cross-site scripting bugs, and the company pays out bounty after bounty, but the root causes of those flaws never get fixed.


"It is like going to an all you can eat buffet without a working digestive system," Moussouris told attendees of the Disclosure infosec conference ..
