Bug Bounties and DevOps Security

As DevOps becomes more and more important, daily code deployment is becoming an industry standard. But how does DevOps address security?

Julie Kuhrt

If you’re constantly pushing code, you are potentially adding new vulnerabilities to your site, which is why security should be a key component of DevOps culture. At times, however, it can be difficult to strike a balance, which leads some to doubt that DevOps and security can work together. James D. Brown tackled this in his article "Mythbusting DevOps and Security", and Nick Galbreath from Etsy gave a great talk on DevOpsSec and how to integrate security into DevOps.

DevOps Security Testing

Continuous testing

Security in DevOps requires proactivity. It is important to take security into account in the development process and to include it in your automated tests. DevOps security also requires that you monitor for issues and deploy fixes quickly. While automated security testing tools can be used in the development process to test for basic issues, these tools do not catch everything, especially complicated vulnerabilities. This is where bug bounty programs can add value to your DevOps process. When you crowdsource your security, researchers with a diverse set of skills can subject your code to a series of high-quality tests to discover vulnerabilities.

Bug Bounties as a DevOps Tool

Ongoing bug bounty programs give DevOps teams the opportunity to have continuous, high-quality security tests run on both staging and production environments. This gives teams both scalability and quality when testing for security, which may be why DevOps pioneers like Google and Etsy run active bug bounty programs on their sites.
