Read the book Corporate Cybersecurity - John Jackson - Page 31
2 Assessing Current Vulnerability Management Processes
2.1 Who Runs a Bug Bounty Program?
Ultimately, who would be responsible for starting a bug bounty program? Ideally, a bug bounty program manager should be whoever does the day-to-day work in coordinated application or web application security measures.
Not every engineer has the dilemma of figuring out their role in the vulnerability management process. If an engineer is hired as an application security engineer, it’s a given that they will have to be responsible for monitoring and triaging any application vulnerabilities as they pertain to mobile or web applications. It’s important to understand that engineers who have the sole responsibility of vulnerability management typically focus on network vulnerabilities. It would be unusual to see a security engineer on the vulnerability management team identify, remediate, or manage application vulnerabilities.
The ideal situation is one in which an application security manager and at least one application security or general security engineer set up and manage a bug bounty program. However, this isn’t always the case. Therefore, it’s important to have the tools to know what to do if it’s your responsibility to establish a program.