Special Offer w/ OnDemand: Get an iPad (32 G), Galaxy Tab A, or Take $250 Off OnDemand Training thru Jan 27


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Case Study: See How Aruba Networks Uses Bug Bounties to Discover Vulnerabilities, Faster

  • Thursday, July 14, 2016 at 11:00 AM EDT (2016-07-14 15:00:00 UTC)
  • Leif Dreizler, John Pescatore, Jon Green


  • Bugcrowd

You can now attend the webcast using your mobile device!



Today's IT threats demand a more active role in detecting and responding to sophisticated attacks. Defenders can no longer simply press "scan" or hire a penetration test shop to protect their applications. That's where a crowd of bug hunters steps in, possessing the collective creative power to mimic bad hacker behavior in the wild.

Today, innovative companies are bringing thousands of good hackers to the fight, evening the odds and finding bugs before the bad guys do.

One of those companies leveraging the power of the crowd is Aruba, a Hewlett Packard Enterprise company. Last year, Aruba launched a private bug bounty program for its enterprise-grade Wi-Fi solution on Bugcrowd's CrowdControl platform. Since then, the initiative has led to the discovery and resolution of a number of vulnerabilities in Aruba's solutions, including its ClearPass Policy Manager.

John Pescatore will lead the discussion during this webinar, you will hear from Aruba's Senior Director of Security Architecture Jon Green on the drivers behind the Aruba bug bounty program, the process the program follows, and the ROI Aruba has seen from it to date.

Attendees will have the opportunity to see a short demo of Bugcrowd's crowdsourced testing platform Crowdcontrol.

What you will learn:
  • First-hand account of how bug hunters assess a target
  • Details on how Aruba leverages its bug bounty program to enhance the security of its networking solutions
  • Where bug bounties fit into the lifecycle of securing software
  • ROI of the modern bug bounty program

Speaker Bios

John Pescatore

John Pescatore (moderator) is the director emerging security trends for the SANS Institute. A former vice president and distinguished analyst at Gartner, Pescatore has over 30 years of experience in computer, network and information security. Prior to joining Gartner, he was senior consultant for Entrust Technologies and Trusted Information Systems and a security engineer for the U.S. Secret Service and the National Security Agency.

Leif Dreizler

As a Senior Security Engineer at Bugcrowd, Leif Dreizler works to build the internal security program and customize and security testing solutions for Bugcrowd clients. Prior to Bugcrowd, Leif spent over two years as a Senior Application Security Engineer at Redspin, performing application security assessments. He also served as the Application Security Team Lead, interfacing with clients at the engineering and sales level.

Jon Green

Jon Green, CISSP serves as CTO for Aruba Networks Government Solutions (part of Hewlett Packard Enterprise) and is responsible for ensuring that Arubaís enterprise mobility solutions meet the security and deployment requirements of government customers worldwide. Jon joined Aruba in 2003 and helped it grow from a small startup to todayís position as a leading provider of network mobility solutions. Prior to Aruba, Jon held technical, marketing, and sales positions with Foundry Networks, Atrica, Nortel Networks, and Bay Networks. Jon holds a B.S. in Information Security from Western Governorís University and a M.S. in Computer Science with a concentration in Information Security from James Madison University. When not playing with technology, he enjoys flying airplanes, learning to play the banjo, and cooking competition barbecue.

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.