Over the past 7 years Bugcrowd has had a front-row seat to watch hackers (and cybersecurity itself) go from scary, to relevant, to cool, to normal...
So, what now?
2. whoami
Founder/Chairman/CTO of Bugcrowd
20 years in infosec (Pentester > Solution Architect/Sales > Entrepreneur)
Pioneered Crowdsourced Security as-a-Service
Proud Australian, husband, and father of two
Lives in San Francisco, California
$ sudo hack.sh
$ sudo hustle.sh
7. Barnaby Jack
1977 - 2013
The guy who hacked the pacemakers (RIP)
“Sometimes you have to demo a threat to spark a solution.”
“We’re not here to f**k spiders.”
8. Rear Admiral Grace Hopper
1906 - 1992
The woman who wrote the first compiler, found the first bug, and broke most of the molds of computer science.
“If it’s a good idea, go ahead and do it. It’s much easier to apologize than it is to get permission.”
“You don’t manage people; you manage things. You lead people.”
12. Connected vehicle security is top of mind for almost all automotive companies.
Automotive adoption of VDP and crowdsourcing outpaced all other verticals.
Autonomous vehicle security is on the same track.
Swatting XSS is considered table stakes for ANY company.
A new generation of hardware hackers is tooling up.
Hacking is kinda cool now…
Dick Cheney fixed his pacemaker
Vulnerability disclosure added to FDA docs (Greetz to Suzanne Schwartz)
His methods were reused to reignite the medical security conversation in 2016
If you code in 2019, you can probably thank Grace for that.
13. A bit about Bugcrowd…
We take the latent potential of the white-hat community and create safe, effective, and continuous feedback loops with people who build and deploy technology.
14. We’ve spent the last 7 years connecting Pirates to the problems only they can solve.
Here’s what we’ve seen.
20. 2014 The year of the retail breach “Hacking happens to me”
2015 Ashley Madison, OPM, Healthcare “Hacking happens to me, and it hurts”
2016 DNC hacks, election interference “Hacking happens to my country”
2017 - 2018 Breaches Breaches Breaches Breaches “Software is eating the world, and bad guys are eating the software”
21. If it’s repeated enough times at the dinner table, it’ll make its way to the Board Room.
26. 2012 Bugcrowd launches: Hackers are scary “Can I meet everyone who participates in my program?”
2016 DOD Hack The Pentagon program: Hackers are relevant “It’s not a question of if, but when and how we engage the community”
2018 Peak cybersecurity hype: Hackers are cool “I’d like to pay $1M for a missing cookie header to get in TechCrunch please”
*s/hackers/infosec/g
**s/infosec/cybersecurity/g
37. disclose.io - Fixing the Internet’s Auto-Immune Problem
Started by Bugcrowd in 2016
Re-launched in 2018
- Open Source Disclosure Policy Framework
- Safe Harbor logo recognition
- Public directory of adopters
- Legal standardization of vulnerability disclosure language
- Safe Harbor for good-faith hackers
- Rewarding proactive behavior on the company