by Michael Arbow, MBA
Partner, RSD Solutions Inc.
The major downside risk for any software/web based company is a “bug” that can disable their software or possibly expose their clients/users private information to the public. To reduce this downside risk some firms and perhaps most recently Facebook, have established a program that provides incentive money to third parties or “bug bounty hunters”. As the Chief Security Officer Joe Sullivan states:
"We hire the best and brightest (at Facebook), and have implemented numerous protocols. We realize, though, that there are many talented and well-intentioned security experts around the world who don't work for Facebook."
In other words, Facebook has a talented team but realize they do not a monopoly on that talent and that outsiders sometimes see things or have ideas that the company employees do not. Being buried in the weeds with the day-to-day and living the company culture can sometimes reduce your visibility. Is your company like Facebook and retains or incents outsiders (consultants?) to define risks your employees may overlook? And if your company has not sought third party guidance what procedures does your organization have in place to continually discover the un-discovered?
For more on Facebook’s use of third party risk hunters follow the link to the CNN Money story: http://tinyurl.com/3d3twx3
No comments:
Post a Comment