Thanks for your feedback! How do we convince decision makers to include ethical hacking in our project?

That's a good question and it comes down to convincing decision makers of the value proposition. A lot vendors in the appsec space tend to use fear as a motivating factor, which can bear fruit as no one wants to be the leader who cut corners with security and then experienced a hack. However, a more positive model could be better for long-term delivery of value. There's plenty of evidence and case studies around the benefits of ethical hacking within software development lifecycle, as it really fills the gap in terms of vulnerability detection from the scanning tools and how the 'black hat' hackers operate. The various bug bounty initiatives that many companies run are good examples of an ‘open-sourced’ model, both these can be expensive to operate with the potential of large payouts and operate at the speed of the individual security researchers, not the speed of your development team.@@test-automation-experience

That's a good question and it comes down to convincing decision makers of the value proposition. A lot vendors in the appsec space tend to use fear as a motivating factor, which can bear fruit as no one wants to be the leader who cut corners with security and then experienced a hack. However, a more positive model could be better for long-term delivery of value. There's plenty of evidence and case studies around the benefits of ethical hacking within software development lifecycle, as it really fills the gap in terms of vulnerability detection from the scanning tools and how the 'black hat' hackers operate. The various bug bounty initiatives that many companies run are good examples of an ‘open-sourced’ model, both these can be expensive to operate with the potential of large payouts and operate at the speed of the individual security researchers, not the speed of your development team.@@test-automation-experience