“Do you perform penetration testing on your product? If yes, how often?”

If I had a nickel every time I saw a version of this question asked on vendor due diligence forms or as a line item in a security audit, I’d finally be ready to <insert a thing I’d do with a lot of money here>. But I digress.

October is Cybersecurity Awareness Month! This year’s theme is “Do Your Part. #BeCyberSmart.” Below, I’ll outline how LogicGate uses a bug bounty program to help us do our part with more consistent penetration testing.
How It Started
In the olden days, in which security was not even on the radar of most organizations as a business imperative, standards organizations (e.g., ISO) and governmental bodies (e.g., NIST) began setting the stage for what constituted a good cybersecurity program. The natural frequency for control applications usually defaulted to what functions as a bare minimum when going from zero to one. Do you test your solution? Do so