Security Crowdsourcing

Track: DevSecOps
When: Tue PM-3
Where: DevSecCon
Organizers Stu Hirst Stu Hirst
Participants Naushad Saboor , Abhinav Sejpal Abhinav Sejpal , Aurelijus Stanislovaitis Aurelijus Stanislovaitis , Stu Hirst Stu Hirst
Remote Participants Harmeet Singh Harmeet Singh , Madhu Akula Madhu Akula , Mohanish Mahajan Mohanish Mahajan , Mustaqiim Muhar Mustaqiim Muhar , Nicholas Tait Nicholas Tait , Prakash Sharma Prakash Sharma , Sugumaran Uppili Sugumaran Uppili , Vandana Verma Vandana Verma

Security crowdsourcing is necessary - it is allowing highly talented individuals and resourceful organisations to use the power of their intelligence, skills and resources to fight cyber threats. A community can significantly have a higher efficiency level in fighting against cyber threats rather than a single body that does all by itself.

Sharing Intelligence

Effective form of crowdsourcing, governments and private companies can share their knowledge and stop or reduce potential or existing threats. There are multiple platforms and Github is one of them for sharing valuable information.

Bounty-Based Collaboration

Information collected can be studied by analysts, engineers, investigators and technologies to get some automation done in threat management, monitoring and fraud prevention platforms.

Private companies can allow security testers to find security vulnerabilities in a product in exchange of a reward. The vulnerabilities are tested by a select group of expert testers in a controlled environment.

Questions to ask during the session?

1) What info is valuable to share? 2) What methods can we use to share it? 3) What considerations do we have when sharing info? 4) Crowdsourcing testing inc bug bounty - pros and cons 5) As an industry, how do individuals or companies share strategies or learnings? 6) Why don’t more companies or people talk at conferences or events and why is this?

Register as participant

To register as participant add Security Crowdsourcing to either:

  1. the sessions metadata field from your participant's page (find your participant page and look for the edit link).
  2. or the participants metadata field from this git session page

Back to list of all Working Sessions