How to maximize ROI of Bug Bounties and penetration tests

I’ve been doing security bug hunting, penetration tests and managing in-house bug bounty programs for various companies for over half a decade now. During that time I learnt that it doesn’t happen too often that the hiring company knows exactly what to do with the results of a security engagement.
I’d like to help and suggest what you can do to fully benefit from what you paid for.

FYI: later in this post I’ll be using pentester and bug hunter interchangeably. Although I know there is quite a difference between those professions, in the context of this article it doesn’t matter.

Peerlyst ebook: Essentials of Cybersecurity

Essentials of Cybersecurity is a crowdsourced ebook written by the @Peerlyst community. I wrote the chapter ‘Building corporate security culture’ with the following preface, which should give you solid context for the message I tried to convey in my chapter.