Etsy security rule #1: Don't be a jerk to devs

  • 2 October 2014

When I first saw this article I did not think a lot of it until I read it. He makes some very valid points which some businesses may do well to address.
 

Attack thyself with 0days, preaches former hacker bod

By Darren Pauli, 2 Oct 2014

Businesses should deploy bug bounty programs, phish their staff and launch intelligent attacks against their networks, Zane Lackey says.
The now chief security officer of SignalSciences ran through the experience of building and adapting Etsy's security team.
Lackey (@zanelackey) and his colleagues, who left the hipster bazaar to found SignalSciences, had to deal with the security fallout when Etsy began pushing to production 30 times a day under a continuous deployment and merged development and operations model.
"The fundamental shift is that vulnerabilities occur in all methodologies, but in continuous deployment there is no such thing as an out-of-band patch," Lackey said in a talk given at Duo Security offices in the US.
"How many people live through the days of out of band patches? There goes your weekend, right?"
 