We sat down with Cloudinary’s CISO, Netanel Fisher, to understand more about how he took control of Cloudinary’s media management security with Bugcrowd.
Can you talk about some of the unique security issues that are specific to your industry?
The attack vectors that are most relevant to our industry are ones related to media (images and videos) and the ability to manipulate it in order to conduct malicious activities in the platform and systems. The importance of security to us as a company and for our customers is unprecedented. We value the trust placed in our platform by developers and businesses globally, and we take the responsibility of protecting our customers’ data very seriously. Information Security at Cloudinary is a strategic and cross-functional effort, which is reflected in our compliance with widely accepted security standards and regulations, enterprise-class security features, our privacy policies, as well as our overall commitment to full transparency.
How is Bugcrowd helping Cloudinary enhance its security posture?
We have always valued the power of crowdsourced security programs and our decision to work with Bugcrowd was easy due to the company’s great reputation and relevant business model. By showcasing to our customers and business partners our commitment to information security and data privacy management with our Bug Bounty Program, we have ensured continuous, comprehensive testing coverage through 500+ submissions from nearly 360 researchers.
If you were to recommend Bugcrowd to a peer, how would you describe it to them?
Bug bounty programs, in general, add a lot of value in regard to vulnerability management. Scanners will always be limited to their technical capabilities and penetration tests will always be scoped in time and represent a ‘snapshot in time’ status of your systems/applications security posture.
The ability to add thousands of researchers that test your platform 24/7, 365-day coverage is the biggest enhancement you can add to your vulnerability security management program.
Bugcrowd’s expertise has helped ensure the successful deployment and continual evolution of Cloudinary’s bug bounty program. By partnering with Bugcrowd, we are now able to address and resolve vulnerabilities of our platform in a quicker and more agile manner, while also having the support and partnership from Bugcrowd’s team to help us along the way.