SPONSOR INTERVIEW: Are bug bounties more effective than pentesting?

In some cases, yes!
23 May 2013 » Risky Business Extra, AusCERT

In this sponsor interview we chat with Casey Ellis, the founder of BugCrowd.

When Casey co-founded the business the idea was simple -- the company would host outsourced bug bounty programs for clients that didn't have the expertise to run their own. As some of you may know, the idea really took off, but what no one expected was for BugCrowd's registered testers to do a better job than many penetration testing teams.

It's cheaper than a pentest, and in the case of Web application or mobile application security testing, these bug bounty programs are turning up more actionable issues than penetration testing teams.

Could these types of programs be disruptive to the penetration testing services industry? Casey joined me to discuss.