The Detectify Crowdsource platform allows security researchers to submit newly discovered exploits and incorporate them into Detectify’s automated security service. At the heart of the initiative is the community of skilled web security experts from across the globe. We have talked to our community manager Kristian Bremberg about his background, the art of building communities, and the power of the crowd.
How did you get into web security?
I have always been interested in integrity and personal data. So many people are online nowadays that there is a natural link between integrity and web security. I eventually became active in the web security community, both on Twitter and on various forums. I established one of Sweden’s largest online communities for security researchers and arranged meetups that brought people closer together based on their joint interest in web security.
How did you come across Detectify?
I knew of Frans Rosén and other security experts, which is how I found out about Detectify. I thought it was an interesting product and I knew the people behind it were fantastic researchers. Over the years, I have followed the company’s development and security research content, and also contributed by writing technical guest blogs for Detectify Labs.
What is crowdsourced security?
Crowdsourced security gives researchers freedom. Instead of having to reach out to companies one by one, which involves figuring out who to contact and informing them about an exploit, they can submit a module to Detectify Crowdsource. As soon as their submission is processed, they know that their contribution will make an impact and help secure hundreds of websites. Detectify doesn’t just publish the vulnerability, but does something bigger with it by incorporating it into the scanner.
Based on your experience from building a web security community, what have you learnt about maintaining a community that functions well?
Communication is vital! Being able to understand what works and what doesn’t for the community members. It’s really important to listen to them and show them that their voice is being heard.
What does your role as community manager entail?
My key task is to communicate with researchers, listen to them, and encourage them to share feedback and ideas. There is also a more technical side to the role as I will be the researchers’ point of contact for questions related to module submissions, prioritized technologies and proofs of concept. I think the role fits me really well because I am interested in security and have experience in a range of programming languages, but I am also very social and enjoy communicating.
How can we reach out to the best ethical hackers?
It’s all about involving key personalities that play an important role in the community.
What makes Detectify Crowdsource unique?
The personal contact we offer researchers. We already have some well-established security profiles contributing to Detectify Crowdsource and we are working closely with them to build a tight-knit community, take time to get to know every researcher, and maintain the personal communication. On top of that, the platform allows researchers to reach out to a wider audience because Detectify has a global customer base. This way, submitting an exploit can really make a difference.
How is Crowdsource going to change Detectify’s service?
It will definitely improve the scanner. The modules will be even better because they will be updated more frequently and will cover more programming languages and technologies. It will also make a difference for the community; ethical hackers will see Detectify in a new light, as a company that understands how they work, allows them to contribute to the tool and gives them better reach.
To find out more about Kristian’s work, follow him on Twitter @dotchloe. If you have any questions about Detectify Crowdsource, let us know at hello[at]detectify.com!