Bug bounty programs can be invaluable, but without the proper resources in place, they will fail hard.
“There’s a lack of imagination or… anticipation about the next move that hackers will make," warned investigative journalist Kim Zetter during Black Hat this week.
Former CISA director Chris Krebs said at Black Hat that the community may have focused too much on APT groups in recent years.
CISA Director Jen Easterly said the agency's new Joint Cuber Defense Collaborative seeks imagination and innovation in the hacker community to help secure critical infrastructure.
Reverse engineering to find the root cause of vulnerabilities can be a frustrating task, but even the analyses that go wrong can produce lessons and new skills.