DevOps.com

Cobalt Merges Bug Bounties, Continuous Testing for Better Security

By Tony Bradley on August 19, 2016

The rapid pace of application development today can be hard to keep up with, especially when it comes to security. Combining the benefits of continuous testing with the incentives of a crowdsourced bug bounty program looks like a promising way to address that volatility.

Companies need to keep up with demand while staying one step ahead of the competition. In such a dynamic environment it is easy for security to fall through the cracks, or to be ignored entirely. Combining DevOps-style automation with crowdsourced intelligence is one approach to closing that gap.


Bug bounty programs have matured and gained mainstream acceptance in recent years, thanks in large part to one of their leading champions, Katie Moussouris. After launching Microsoft’s bug bounty program, she joined HackerOne as Chief Policy Officer. She recently ventured out on her own as a bug bounty evangelist and consultant under the banner of Luta Security.


The concept is simple: rather than pretending vulnerabilities don’t exist, or waiting for attackers to exploit them first, a bug bounty program pays hackers and security researchers to identify and report flaws. The net result is a win-win-win: more secure applications, happier customers, and security researchers who feel appreciated, and paid, for the work they do.


That is where Cobalt comes in. “I’m impressed by how Cobalt has built its model by taking the best elements from the bug bounty space, which offers rewards to those in the security community who can identify software vulnerabilities, and combining them with a scalable, continuous penetration testing platform,” said Robert Fly, an investor and advisor with more than 15 years of application security experience from Microsoft and most recently Salesforce, where he built the product security team and was VP of Security Engineering.


“Companies building web and mobile applications need the flexibility to quickly develop new applications that delight their customers, while ensuring that their applications are secure,” said Jacob Hansen, CEO of Cobalt. “Instead of needing to invest in security tools, such as scanners and penetration tools that are expensive and vary in quality, and having to hire security staff or consultants, our customers rely on Cobalt to provide transparent continuous application testing services, leveraging a powerful platform along with a global community of security researchers.”


There are a variety of well-known software-as-a-service (SaaS) companies already using Cobalt, including GoDaddy, Wix, Weebly, Nexmo and Optimizely.


At face value, this is an attractive strategy. Only time will tell how it plays out in practice, but bug bounty programs have a well-documented track record of surfacing vulnerabilities, and continuous testing is a staple of DevOps environments. Combining the two should raise the bar for application security, provided the findings that come in actually feed back into the delivery pipeline rather than piling up in a queue.

Filed Under: Continuous Testing, Features Tagged With: bug bounty, Cobalt, continuous testing

  • Click to share on LinkedIn (Opens in new window)
  • Click to share on Twitter (Opens in new window)
  • Click to share on Facebook (Opens in new window)
  • Click to share on Reddit (Opens in new window)
  • More
  • Click to share on Pinterest (Opens in new window)
  • Click to share on Tumblr (Opens in new window)
« Cloud Security Tips: How to Prevent Hackers from Breaching Your Cloud
REAN Cloud Acquires Opex Software to Strengthen it’s DevSecOps Practice »
Continuous testing is the process of executing automated tests as part of the software delivery pipeline to obtain immediate feedback on the business risks associated with a software release candidate.
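The definition above turns on one thing: findings must produce a decision about the release candidate while it is still a candidate. As an added example, not Cobalt’s code and not any vendor’s API, here is a release gate in Python that consumes findings exported from a continuous pentest or bug bounty platform and decides whether the candidate ships. The JSON export shape, the severity buckets, the remediation SLA windows and the asset names are all constructed for illustration.

```python
"""Release gate over externally reported security findings.

Added example, not Cobalt's code. Models the feedback loop the article
describes: findings reported by outside researchers are pulled into the
delivery pipeline and decide whether a release candidate ships.
The export format below is hypothetical, not any real platform's API.
"""
from __future__ import annotations

import json
from dataclasses import dataclass
from datetime import date

# Hypothetical severity ordering, coarse CVSS-style buckets.
SEVERITY_RANK = {"info": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}

# Hypothetical remediation SLAs in days. An open finding older than its SLA
# blocks the release even when its severity is below the hard-block threshold.
SLA_DAYS = {"critical": 7, "high": 30, "medium": 90, "low": 180}

# States in which a finding no longer represents live risk.
CLOSED_STATES = {"fixed", "duplicate", "not_applicable", "wont_fix"}


@dataclass(frozen=True)
class Finding:
    id: str
    severity: str
    state: str
    reported: date
    asset: str


def parse_findings(raw: str) -> list[Finding]:
    """Parse the (hypothetical) JSON export; reject unknown severities early."""
    out = []
    for item in json.loads(raw):
        sev = item["severity"].lower()
        if sev not in SEVERITY_RANK:
            raise ValueError(f"unknown severity {sev!r} in finding {item['id']}")
        out.append(Finding(id=item["id"], severity=sev, state=item["state"].lower(),
                           reported=date.fromisoformat(item["reported"]),
                           asset=item["asset"]))
    return out


def gate(findings: list[Finding], release_assets: set[str], today: date,
         block_at: str = "high") -> tuple[bool, list[str]]:
    """Return (ship, reasons). Only open findings on assets in this release count."""
    threshold = SEVERITY_RANK[block_at]
    reasons = []
    for f in findings:
        if f.state in CLOSED_STATES or f.asset not in release_assets:
            continue
        age = (today - f.reported).days
        if SEVERITY_RANK[f.severity] >= threshold:
            reasons.append(f"{f.id}: open {f.severity} on {f.asset} ({age}d old)")
            continue
        sla = SLA_DAYS.get(f.severity)
        if sla is not None and age > sla:
            reasons.append(f"{f.id}: {f.severity} on {f.asset} past {sla}d SLA ({age}d old)")
    return (not reasons, reasons)


# Constructed sample export. F-101 blocks on severity, F-102 on SLA age,
# F-103 is already fixed, F-104 is within SLA, F-105 is on an asset not shipping.
SAMPLE_EXPORT = json.dumps([
    {"id": "F-101", "severity": "High", "state": "triaged", "reported": "2016-08-10", "asset": "api"},
    {"id": "F-102", "severity": "Medium", "state": "open", "reported": "2016-04-01", "asset": "web"},
    {"id": "F-103", "severity": "Critical", "state": "fixed", "reported": "2016-07-01", "asset": "web"},
    {"id": "F-104", "severity": "Low", "state": "open", "reported": "2016-08-01", "asset": "web"},
    {"id": "F-105", "severity": "Critical", "state": "open", "reported": "2016-08-15", "asset": "mobile"},
])
SAMPLE_TODAY = date(2016, 8, 19)


def decide_sample() -> tuple[bool, list[str]]:
    """Gate a hypothetical release candidate containing the web and api assets."""
    return gate(parse_findings(SAMPLE_EXPORT), {"web", "api"}, SAMPLE_TODAY)


if __name__ == "__main__":
    ship, why = decide_sample()
    print("SHIP" if ship else "BLOCK")
    for line in why:
        print("  -", line)
```

Two design points worth noting. Scoping the gate to the assets actually in the release candidate keeps a critical on an unrelated product from halting every pipeline, and the SLA check is what stops the medium and low queue from growing without bound: a finding that researchers reported months ago is a business risk whether or not it clears the severity bar.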