Shifting Left with Feature Flags and Bug Bounty Programs
The blog post discusses a method to reduce risk exposure by combining feature flags with an existing bug bounty program. It highlights the importance of integrating security into the software development life cycle (SDLC) given the increasing number of data breaches worldwide. The application security funnel is presented, showing how the number of vulnerabilities should decrease as they move down the funnel. Bug bounties are mentioned as a last line of defense for finding bugs and exploits in production environments. Feature flags are introduced as a tool that lets developers manage components and compartmentalize risk by separating feature releases from code deploys. The post suggests combining feature flags with bug bounty programs to significantly reduce exposure to critical security vulnerabilities, allowing researchers to pen test changes before they become generally available.
Company: LaunchDarkly
Date published: Jan. 22, 2020
Author(s): Chris Tarquini
Word count: 860
Hacker News points: None found.
Language: English