There’s so much being built today and even if companies want to staff cybersecurity researchers to test everything they’ve built, they just can’t hire all the people needed. Therefore, we need a community of people who are available to jump in and join the good fight.

In the past few years, companies that provide bug bounty platforms have emerged, and this community only continues to grow. As more people join it, they’re beginning to share with each other, collaborate, and build tools that the community can use to help the greater good.

In Part 2 of this podcast, Jason Haddix and Sean Martin talk about this situation. To further help the researcher community, Bugcrowd has announced disclose.io: “a collaborative and vendor-agnostic project to standardize best practices around safe harbor for good-faith security research.” It is an open-source template that provides a safe harbor for researchers in cases where the terms of service typically found with bug bounty programs still leave them open to legal liability.

They're also creating a Hacker/Bugcrowd University to train the community on best practices for research, tools and how to write a good submission. Leading off the university effort, they’re also working with Cal Poly Pomona to create cybersecurity-themed escape rooms where you have to hack your way out to escape.

The bottom line is that bringing more people into the community is essential, and having a university is one way to do that.