How many bug bounty programs does your organization run currently?

Security & GRC Threat & Vulnerability Management Security Strategy & Roadmap +4 more

014%

148%

230%

3-57%

5+1%

244 PARTICIPANTS

648 views1 Upvote3 Comments

Director of Information Security in Energy and Utilities, 5,001 - 10,000 employees

Kind of curious how come this question came up? Is each vendor being considered a different bug program vs. 1 program with multiple vendors participating in it? Logically speaking the answer should only be 1 or 0 in this particular question.

2 2 Replies

GVP in Software, 10,001+ employees

Good point. I'd imagine it is the former -- can chime in here since she was at BugCrowd.

1

Community Manager in Software, 11 - 50 employees

Yes closer to your first point - I noticed that most customers would run multiple program types with specialized focuses. For example, one of our enterprise car manufacturing customers would run different programs for different vehicle types as they each use their own specialized software/hardware. There are times, however, where a large customer will want to run one large, open scope program and separate bug issues on a Target level within the program itself. When I set up programs, my focus was really on the individual customer's preference and security strategy.

Content you might like

Do you currently do quantitative risk assessment?

Security & GRC Risk Management

Yes53%

No, but I plan to36%

No, and I do not plan to10%

243 PARTICIPANTS

1.8k views1 Comment

Is your company expecting to reduce IT/technology resources in the coming months due to recession concerns?

People & Leadership Peer Insights

Yes51%

No42%

Uncertain6%

406 PARTICIPANTS

1.1k views

CISOs/heads of security - when capacity constraints are getting in the way of your goals, do you generally feel comfortable explaining this to your exec team? How do you approach that convo without potentially inviting doubts about your own capabilities?

Internal CXO Relationships Security & GRC Availability & Capacity Management

Chief Information Security Officer in Software, 5,001 - 10,000 employees

As a CISO or head of security, your role should include managing capacity and communicating effectively with the executive team. When capacity constraints could prevent you from achieving your security goals, it is important ...read more

1

Read More Comments

669 views2 Comments

Did anyone else catch this stat on Crunchbase: "M&A deal-making in the cybersecurity space continues to slow with only 13 deals announced for VC-backed startups in the first quarter of the year" Do you think the decrease in cybersecurity M&A is going to impact innovation or could it lead to consolidation in terms of vendor offerings (that is perhaps a needed change)?

Security Strategy & Roadmap Security & GRC Innovation

CISO in Software, 201 - 500 employees

Almost certainly both. The VCs I talk to are far more cautious about or are outright avoiding security startups right now. Tightened funding criteria can inspire innovation, and it can filter noise, hopefully both.

This ...read more

1

Read More Comments

928 views1 Upvote4 Comments

What are the best practices for establishing an organizational change management centre of excellence?

End-User Services & Collaboration People & Leadership Process Management +1 more

CIO / Managing Partner in Manufacturing, 2 - 10 employees

Firstly, buy-in from the executive team that it is needed - so change management on the need for change management :-)

Next, the right people - those that can really bring the need for change management to life, it's ...read more

1

Read More Comments

748 views2 Comments