Head of a bug bounty platform doesn't get why there's so much pushback on his 1st tweet in the thread.
Many have tried to educate him on why his take lacks understanding of real-world vuln management.
Let's crowdsource his education.
Most constructive replies go into my next talk
I would love to hear why you think that hiring fewer people should not be a goal. Many of our customers say that they are understaffed in security and they look for vendors who can bring value without causing much workload increase.
Once upon a time, I owned the bug bounty program at @PayPal. There was never a "savings" in terms of head count nor cost. Bug bounties require effort, even if you outsource to one of the BB platforms, and should never be a substitute for internal assessments.
May 19, 2019 · 11:56 PM UTC