Every business needs a vulnerability disclosure policy, and thankfully a growing number of organisations have one. Yet those programmes are not always a click away. Here is a unique plugin for both Chrome and Firefox, because making it easy to report issues need not be much work.
Interview with Romain Lods, Head of Engineering, Deezer
What made you decide to get into Bug Bounty?
About two years before we launched our Bug Bounty Program, we started internal security audits on our code, which had never been done before at Deezer. These tests allowed us to make a first pass and fix some obvious vulnerabilities.
YesWeHack organises bug bounty programmes to disclose and correct vulnerabilities before malicious tools get in. A year after joining the Paris Call, we look back at how we have contributed to furthering peace in cyberspace.
What made you decide to launch a Bug Bounty program?
We mainly launched a bug bounty because of our short delivery cycles. We were used to doing “traditional” pentests once a year, but as we have a lot of changes every month on our scopes, we simply could not wait 12 months for the next audit. Bug Bounty enables us to carry out continuous checks, for each release, update, new delivery, etc.