Bug bounties, vulnerability disclosure, PTaaS, fractional pentesting – Grant McCracken – ASW #306
After spending a decade working for appsec vendors, Grant McKracken wanted to give something back. He saw a gap in the market for free or low-cost services for smaller organizations that have real appsec needs, but not a lot of means to pay for it. He founded DarkHorse, who offers VDPs and bug bounties to organizations of all sizes for free, or for as low of cost as possible.
While not a non-profit, the company's goal is to make these services as cheap as possible to increase accessibility for smaller or more budget-constrained organizations. The company has also introduced the concept of "fractional pentesting", access to cyber talent when and how you need it, based on what you can afford. This implies services beyond just offensive security, something we'll dive deeper into in the interview.
We don't see DarkHorse ever competing with the larger Bug Bounty platforms, but rather providing services to the organizations too small for the larger platforms to sell to.
Guest
Grant is the founder of DarkHorse Security, an organization whose mission is to make proactive security accessible and affordable for organizations of all sizes and budgets. DarkHorse believes that all organizations should have access to affordable proactive cybersecurity solutions, and achieves this by prioritizing access for organizations over maximizing profit.
Prior to starting DarkHorse, Grant was at Bugcrowd for nearly a decade, serving most recently as the VP of Operations. He pioneered and built Bugcrowd’s PTaaS product line, and oversaw service delivery across all product lines, including bug bounty and vulnerability disclosure. Grant has his OSCP, has spoken at various conferences, including Appsec EU, and Appsec USA, and likes trail running, hiking, writing, and making / playing music in his free time.