Vulnerability management isn’t scalable, but bug bounty programs are 

by | Oct 18, 2022 | Technology

Did you miss a session from MetaBeat 2022? Head over to the on-demand library for all of our featured sessions here.

Every security team knows how important patching vulnerabilities is — the problem is that it takes lots of time to do. In fact, research shows that it takes organizations an average of 60 days to patch critical risk vulnerabilities, and with 18,371 vulnerabilities discovered in 2021, there’s too many for a single team to patch alone. 

However, bug bounty programs are providing an answer to this predicament by incentivizing a crowd of external security researchers to discover and remediate vulnerabilities in exchange for a fee. 

Today alone, enterprise insights platform Stravito, which provides organizations with a SaaS platform to store, discover and integrate market/consumer insights, announced the launch of a new bug bounty program in partnership with Intigriti. 

For Stravito, the program provides an opportunity to build on its recent ISO 27001 certification, and mitigate potential vulnerability management risks that put customer data at risk of exposure. 

Low-Code/No-Code Summit
Join today’s leading executives at the Low-Code/No-Code Summit virtually on November 9. Register for your free pass today.

Register Here

Bug bounties: The answer to vulnerability management complexity? 

More broadly, Intigriti and Stravito’s partnership highlights that bug bounty platforms provide enterprises with a powerful tool they can use to enhance the capabilities of in-house security teams and mitigate an ever-growing number of vulnerabilities at scale. 

The announcement comes as more and more private and public organizations are experimenting with bug bounty platforms to discover and eliminate vulnerabilities in their technology stacks, including the DoD, Google, Uber, Microsoft and Apple. 

Stravito, which last year announced raising $14.6 million in series A funding, is one of a growing number of smaller providers turning to cloud-sourced security to secure its systems against modern threat actors. 

Although, it’s important to note that a bug bounty program isn’t designed to replace an onsite security team, but to augment their existing efforts. 

“Our Bug Bounty program ties in directly with our DevSecOps teams (through our incident-management processes and software-development lifecycle), both for remediation of vulnerabilities but also as a feedback loop to educate our DevSecOps engineers, raising the bar and minimizing future bugs and vulnerabilities,” said Thor Olof Philogène, founder and CEO of Stravito. 

At the same time, automation has a critical role to play in enabling an organization to integrate and action the findings of external researchers. 

“Automation is also key, both for detection of potential bugs and vulnerabilities (SAST and DAST) and to scale our capabilities to show compliance to clients, auditors and regulators (compliance as code) both now and i …

Article Attribution | Read More at Article Source

Share This