Why Crowdsourced Security?
Crowdsourced security is a powerful tool, used by leading-edge firms such as Google, Apple and Facebook, to decrease risk. However, crowdsourced security is not yet well understood across the enterprise security community. This brief will define crowdsourced security and describe why it’s a key element of any viable security architecture.
How it works
Crowdsourced Security: A Human-Based Approach to Risk Reduction
Design your program
You define the attack surfaces you need to harden, for example web application front ends or a mobile application.
Connect to The Crowd
Depending on the type of program, you either publish the program broadly to the researcher community, or engage a more limited set of researchers in a private “invite only” program.
As vulnerabilities are uncovered by the researchers, they are triaged to determine validity and severity.
You pay a reward (or grant public “kudos”) to the researcher for finding the problem, patch the vulnerability, and verify that the attack vector has been closed.