Crowdsourced Security: The Good, The Bad, and The Ugly presented at AppSecCali 2017

by Caroline Wong,

Summary : Cost, quality, and coverage. These are the three major factors that security professionals must consider when designing a strategy for testing their web applications. There is a major talent shortage in the United States, and tools will only get you so far. How can security professionals leverage the power of the crowd to get fresh, incentivized eyes on their latest and greatest web apps, mobile apps, and APIs? Public and private bug bounties, crowdsourced penetration testing… what are the advantages and risks to engaging in this brave new world of “hire the hacker”? Join Caroline Wong, VP of Security Strategy at for a frank discussion of the good, bad, and the ugly when it comes to crowdsourcing your web application security.