{"id":4260,"date":"2022-11-17T09:41:58","date_gmt":"2022-11-17T09:41:58","guid":{"rendered":"https:\/\/www.echobox.com\/resources\/?p=4260"},"modified":"2022-11-21T16:06:43","modified_gmt":"2022-11-21T16:06:43","slug":"bug-bounties-risk-and-cybersecurity-for-publishers-a-chat-with-echoboxs-cto","status":"publish","type":"post","link":"https:\/\/www.echobox.com\/resources\/blog\/bug-bounties-risk-and-cybersecurity-for-publishers-a-chat-with-echoboxs-cto\/","title":{"rendered":"Bug bounties, risk and cybersecurity for publishers: A chat with Echobox\u2019s CTO"},"content":{"rendered":"<p>What do Echobox engineers and a horde of hackers share in common?<\/p>\n<p>They\u2019re all working to ensure the utmost security of the Echobox platform.<\/p>\n<p>We recently made our <a href=\"https:\/\/www.echobox.com\/resources\/press\/echobox-safeguards-publisher-clients-with-innovative-bug-bounty-program-from-yeswehack\/\" target=\"_blank\" rel=\"noopener\">bug bounty program public<\/a> with YesWeHack, a global bug bounty and Vulnerability Disclosure Policy (VDP) platform. Such programs aim to help us pinpoint potential security vulnerabilities and proactively resolve them long before they could lead to a breach.<\/p>\n<p>What exactly are bug bounty programs, and how do they work? What makes them effective? And why should publishers care about them?<\/p>\n<p>We sat down with Echobox CTO Marc Fletcher to discuss.<\/p>\n<p><img decoding=\"async\" loading=\"lazy\" class=\"attachment-large wp-post-image alignleft\" title=\"How we use artificial intelligence to help publishers\" src=\"https:\/\/www.echobox.com\/resources\/wp-content\/uploads\/2016\/06\/marc-663x515.jpeg\" sizes=\"(max-width: 663px) 100vw, 663px\" srcset=\"https:\/\/www.echobox.com\/resources\/wp-content\/uploads\/2016\/06\/marc-663x515.jpeg 663w, https:\/\/www.echobox.com\/resources\/wp-content\/uploads\/2016\/06\/marc-300x233.jpeg 300w, https:\/\/www.echobox.com\/resources\/wp-content\/uploads\/2016\/06\/marc-150x117.jpeg 150w, https:\/\/www.echobox.com\/resources\/wp-content\/uploads\/2016\/06\/marc-768x597.jpeg 768w, https:\/\/www.echobox.com\/resources\/wp-content\/uploads\/2016\/06\/marc-87x67.jpeg 87w, https:\/\/www.echobox.com\/resources\/wp-content\/uploads\/2016\/06\/marc.jpeg 1170w\" alt=\"Dr Marc Fletcher\" width=\"311\" height=\"491\" \/><\/p>\n<p><strong>Echobox:<\/strong> <strong>Why is security critical for publishers (and for vendors like Echobox who serve them)?<\/strong><\/p>\n<p><strong>Marc Fletcher:<\/strong> For news publishers, the potential risk of a compromised social media account is very high from a societal perspective. Imagine the worst-case scenario, where a hacker manages to post to the world\u2019s largest social media accounts simultaneously in a way that could even move stock markets. Nefarious actions on social media could be used in various scams, such as the <a href=\"https:\/\/www.npr.org\/2020\/07\/18\/892615413\/we-re-embarrassed-twitter-says-high-profile-hack-hit-130-users\" target=\"_blank\" rel=\"noopener\">2020 hacking of high-profile Twitter accounts<\/a> in a Bitcoin scam, or the <a href=\"https:\/\/www.forbes.com\/sites\/joshwilson\/2022\/06\/15\/social-media-blamed-for-1-billion-lost-in-crypto-scams\/\" target=\"_blank\" rel=\"noopener\">cryptocurrency scams<\/a> on social media that have resulted in losses of $1 billion. It also still surprises me how little other social sharing tools seem to care about this.<\/p>\n<p>At an extreme, if a malicious actor were to hack top news accounts and spread misinformation, it could trigger political chaos or even a world war. Because we care so much about protecting real news, it\u2019s critical for us at Echobox to ensure our platform security is up to scratch.<\/p>\n<p><strong>Echobox: How do we approach security at Echobox?\u00a0<\/strong><\/p>\n<p><strong>Marc Fletcher:<\/strong> Compared to the rest of the market, we\u2019re definitely ahead of the curve from a cybersecurity perspective. We take a rigorous approach to security at Echobox, and a public bug bounty program is just one small component of this approach. We also deliver comprehensive cybersecurity training for each employee and have introduced stringent internal anti-phishing practices, for example. These initiatives are all carried out with the same goal in mind.<\/p>\n<p>The cost of security risks varies from company to company, but reputational damage resulting from a security breach can be severe. Companies have two choices: either do the testing proactively and find problems before they arise, or don\u2019t do the testing and expose their clients to serious harm. At Echobox, we\u2019d much rather know about potential issues and proactively fix them, rather than let any vulnerabilities be exploited and cause damage to our clients.<\/p>\n<p><strong>Echobox:<\/strong> <strong>What are bug bounty programs?<\/strong><\/p>\n<p><strong>Marc Fletcher:<\/strong> A bug bounty program involves inviting skilled ethical hackers to probe and test a software platform in search of security flaws. They\u2019re incentivized with a monetary reward that can range according to the severity of the vulnerabilities they identify. In the case of Echobox\u2019s public program, ethical hackers can earn bounties of up to \u20ac6,000 per report. Any security flaws that are found can then be resolved, ensuring an impenetrable platform and helping to prevent future security breaches.<\/p>\n<p><strong>Echobox: What advantages do bug bounty programs offer over other types of cybersecurity measures?<\/strong><\/p>\n<p><strong>Marc Fletcher:<\/strong> Bug bounties are \u201calways-on\u201d programs, as opposed to ad hoc tests. A huge advantage of this type of program is that anyone who\u2019s part of the bounty ecosystem can come along and try to find weaknesses or vulnerabilities. That\u2019s a significant advantage, as cybersecurity is exceptionally complex and broad. For example, saying you understand everything about cybersecurity is a bit like saying you\u2019ve read every single piece of English literature \u2013 it\u2019s an impossible feat for one person\u2019s lifetime.<\/p>\n<p>So a bug bounty program gives companies access to hundreds or even thousands of people with different specialties, and they test your system for particular weaknesses. This provides a large advantage over penetration tests, which can reveal vulnerabilities that are either very common, or that are limited to the specialties of your particular penetration tester (and much depends on the language or framework that they\u2019re using to test).<\/p>\n<p>Bug bounty programs are one of the most cost effective things a company can do to ensure robust security. There are compliance certifications that companies can pay for, such as ISO 27001 and SOC 2, or PCI for companies that handle payments, but many of these accreditations can often become more administrative than practical. They require providing paperwork and ticking boxes. A bug bounty program is much more practical in terms of preventing breaches in the first place, which is Echobox\u2019s goal.<\/p>\n<p><strong>Echobox: Why did Echobox decide to invest in a public bug bounty program? Have we done anything like this before?\u00a0<\/strong><\/p>\n<p><strong>Marc Fletcher:<\/strong> Launching a public bug bounty program felt a logical next step to follow on from our private bug bounty programs. The public program gives us greater exposure and access to YesWeHack\u2019s community of 45,000 ethical hackers with their diverse areas of expertise. One fact that stood out to us is that no other social media publishing companies seem to be running public bug bounty programs like ours.<\/p>\n<p>Prior to our bug bounty experience, we\u2019ve run one-off penetration tests which involve paying a consultant for 3 to 4 days to poke around and see what issues or vulnerabilities they can find, but these kinds of tests have their limitations as I mentioned earlier.<\/p>\n<p><strong>Echobox:<\/strong> <strong>Do you think more companies will be investing in bug bounty programs in the future?<\/strong><\/p>\n<p><strong>Marc Fletcher:<\/strong> Bug bounties have been around for about a decade, and they\u2019ve grown in popularity as companies have learned of their benefits. On the face of it, they may seem expensive compared to a one-off penetration test. But given the potential long-term benefits, and the cost to a company of an actual breach, bug bounty programs are still cost-effective.<\/p>\n<p>I think many companies struggle with the idea that with a bug bounty program, you\u2019re paying people to tell you where you\u2019ve got things wrong \u2013 and they don\u2019t want to know or risk bruising their ego. They\u2019d rather hide in ignorance and assume everything is great with their products and systems. But living in ignorance only works until you\u2019re hit by a devastating breach. In our case, it\u2019s critical to invest in robust security up front and have peace of mind that we\u2019re offering our publisher clients an ultra-secure platform.<\/p>\n<p><strong>Echobox: Any final advice for publishers about cybersecurity?<\/strong><\/p>\n<p><strong>Marc Fletcher:<\/strong> Similar to GDPR compliance, platform security should be a very important factor for publishers. Though a major risk may seem far-fetched, a security breach of any size could present a real threat to publishers who hold such an important role in how information is disseminated throughout our society. If the security of your brand, reputation and content is important to you, Echobox should be your platform of choice.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>What do Echobox engineers and a horde of hackers share in common? They\u2019re all working to ensure the utmost security of the Echobox platform. We recently made our bug bounty program public with YesWeHack, a global bug bounty and Vulnerability Disclosure Policy (VDP) platform. Such programs aim to help us pinpoint potential security vulnerabilities and<\/p>\n","protected":false},"author":7,"featured_media":4288,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false},"categories":[2],"tags":[7],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v19.2 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Bug bounties, risk and cybersecurity for publishers: A chat with Echobox\u2019s CTO - Echobox Resources<\/title>\n<meta name=\"description\" content=\"Echobox has teamed up with YesWeHack on a bug bounty program. How does it work? What makes it effective? And why should publishers care?\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.echobox.com\/resources\/blog\/bug-bounties-risk-and-cybersecurity-for-publishers-a-chat-with-echoboxs-cto\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Bug bounties, risk and cybersecurity for publishers: A chat with Echobox\u2019s CTO\" \/>\n<meta property=\"og:description\" content=\"Echobox has teamed up with YesWeHack on a bug bounty program. How does it work? What makes it effective? And why should publishers care?\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.echobox.com\/resources\/blog\/bug-bounties-risk-and-cybersecurity-for-publishers-a-chat-with-echoboxs-cto\/\" \/>\n<meta property=\"og:site_name\" content=\"Echobox Resources\" \/>\n<meta property=\"article:published_time\" content=\"2022-11-17T09:41:58+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-11-21T16:06:43+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.echobox.com\/resources\/wp-content\/uploads\/2022\/11\/Echobox-Public-Bug-Bounty-Program-2022_1.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1600\" \/>\n\t<meta property=\"og:image:height\" content=\"836\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Echobox Team\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"Bug bounties, risk and cybersecurity for publishers: A chat with Echobox\u2019s CTO\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/www.echobox.com\/resources\/wp-content\/uploads\/2022\/11\/Echobox-Public-Bug-Bounty-Program-2022_1.png\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Echobox Team\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.echobox.com\/resources\/#organization\",\"name\":\"Echobox\",\"url\":\"https:\/\/www.echobox.com\/resources\/\",\"sameAs\":[],\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.echobox.com\/resources\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.echobox.com\/resources\/wp-content\/uploads\/2020\/06\/logo-dark.svg\",\"contentUrl\":\"https:\/\/www.echobox.com\/resources\/wp-content\/uploads\/2020\/06\/logo-dark.svg\",\"caption\":\"Echobox\"},\"image\":{\"@id\":\"https:\/\/www.echobox.com\/resources\/#\/schema\/logo\/image\/\"}},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.echobox.com\/resources\/#website\",\"url\":\"https:\/\/www.echobox.com\/resources\/\",\"name\":\"Echobox Resources\",\"description\":\"Insights for news publishers and content creators\",\"publisher\":{\"@id\":\"https:\/\/www.echobox.com\/resources\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.echobox.com\/resources\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.echobox.com\/resources\/blog\/bug-bounties-risk-and-cybersecurity-for-publishers-a-chat-with-echoboxs-cto\/#primaryimage\",\"url\":\"https:\/\/www.echobox.com\/resources\/wp-content\/uploads\/2022\/11\/Echobox-Public-Bug-Bounty-Program-2022_1.png\",\"contentUrl\":\"https:\/\/www.echobox.com\/resources\/wp-content\/uploads\/2022\/11\/Echobox-Public-Bug-Bounty-Program-2022_1.png\",\"width\":1600,\"height\":836},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.echobox.com\/resources\/blog\/bug-bounties-risk-and-cybersecurity-for-publishers-a-chat-with-echoboxs-cto\/#webpage\",\"url\":\"https:\/\/www.echobox.com\/resources\/blog\/bug-bounties-risk-and-cybersecurity-for-publishers-a-chat-with-echoboxs-cto\/\",\"name\":\"Bug bounties, risk and cybersecurity for publishers: A chat with Echobox\u2019s CTO - Echobox Resources\",\"isPartOf\":{\"@id\":\"https:\/\/www.echobox.com\/resources\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.echobox.com\/resources\/blog\/bug-bounties-risk-and-cybersecurity-for-publishers-a-chat-with-echoboxs-cto\/#primaryimage\"},\"datePublished\":\"2022-11-17T09:41:58+00:00\",\"dateModified\":\"2022-11-21T16:06:43+00:00\",\"description\":\"Echobox has teamed up with YesWeHack on a bug bounty program. How does it work? What makes it effective? And why should publishers care?\",\"breadcrumb\":{\"@id\":\"https:\/\/www.echobox.com\/resources\/blog\/bug-bounties-risk-and-cybersecurity-for-publishers-a-chat-with-echoboxs-cto\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.echobox.com\/resources\/blog\/bug-bounties-risk-and-cybersecurity-for-publishers-a-chat-with-echoboxs-cto\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.echobox.com\/resources\/blog\/bug-bounties-risk-and-cybersecurity-for-publishers-a-chat-with-echoboxs-cto\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.echobox.com\/resources\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Bug bounties, risk and cybersecurity for publishers: A chat with Echobox\u2019s CTO\"}]},{\"@type\":\"Article\",\"@id\":\"https:\/\/www.echobox.com\/resources\/blog\/bug-bounties-risk-and-cybersecurity-for-publishers-a-chat-with-echoboxs-cto\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.echobox.com\/resources\/blog\/bug-bounties-risk-and-cybersecurity-for-publishers-a-chat-with-echoboxs-cto\/#webpage\"},\"author\":{\"name\":\"Echobox Team\",\"@id\":\"https:\/\/www.echobox.com\/resources\/#\/schema\/person\/c336c8287f702ce908d2760ab2a3efbb\"},\"headline\":\"Bug bounties, risk and cybersecurity for publishers: A chat with Echobox\u2019s CTO\",\"datePublished\":\"2022-11-17T09:41:58+00:00\",\"dateModified\":\"2022-11-21T16:06:43+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.echobox.com\/resources\/blog\/bug-bounties-risk-and-cybersecurity-for-publishers-a-chat-with-echoboxs-cto\/#webpage\"},\"wordCount\":1158,\"publisher\":{\"@id\":\"https:\/\/www.echobox.com\/resources\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.echobox.com\/resources\/blog\/bug-bounties-risk-and-cybersecurity-for-publishers-a-chat-with-echoboxs-cto\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.echobox.com\/resources\/wp-content\/uploads\/2022\/11\/Echobox-Public-Bug-Bounty-Program-2022_1.png\",\"keywords\":[\"Industry\"],\"articleSection\":[\"Blog\"],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.echobox.com\/resources\/#\/schema\/person\/c336c8287f702ce908d2760ab2a3efbb\",\"name\":\"Echobox Team\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.echobox.com\/resources\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/www.echobox.com\/resources\/wp-content\/uploads\/2020\/07\/Logo-02-150x150.jpg\",\"contentUrl\":\"https:\/\/www.echobox.com\/resources\/wp-content\/uploads\/2020\/07\/Logo-02-150x150.jpg\",\"caption\":\"Echobox Team\"},\"url\":\"https:\/\/www.echobox.com\/resources\/author\/echobox\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Bug bounties, risk and cybersecurity for publishers: A chat with Echobox\u2019s CTO - Echobox Resources","description":"Echobox has teamed up with YesWeHack on a bug bounty program. How does it work? What makes it effective? And why should publishers care?","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.echobox.com\/resources\/blog\/bug-bounties-risk-and-cybersecurity-for-publishers-a-chat-with-echoboxs-cto\/","og_locale":"en_US","og_type":"article","og_title":"Bug bounties, risk and cybersecurity for publishers: A chat with Echobox\u2019s CTO","og_description":"Echobox has teamed up with YesWeHack on a bug bounty program. How does it work? What makes it effective? And why should publishers care?","og_url":"https:\/\/www.echobox.com\/resources\/blog\/bug-bounties-risk-and-cybersecurity-for-publishers-a-chat-with-echoboxs-cto\/","og_site_name":"Echobox Resources","article_published_time":"2022-11-17T09:41:58+00:00","article_modified_time":"2022-11-21T16:06:43+00:00","og_image":[{"width":1600,"height":836,"url":"https:\/\/www.echobox.com\/resources\/wp-content\/uploads\/2022\/11\/Echobox-Public-Bug-Bounty-Program-2022_1.png","type":"image\/png"}],"author":"Echobox Team","twitter_card":"summary_large_image","twitter_title":"Bug bounties, risk and cybersecurity for publishers: A chat with Echobox\u2019s CTO","twitter_image":"https:\/\/www.echobox.com\/resources\/wp-content\/uploads\/2022\/11\/Echobox-Public-Bug-Bounty-Program-2022_1.png","twitter_misc":{"Written by":"Echobox Team","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Organization","@id":"https:\/\/www.echobox.com\/resources\/#organization","name":"Echobox","url":"https:\/\/www.echobox.com\/resources\/","sameAs":[],"logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.echobox.com\/resources\/#\/schema\/logo\/image\/","url":"https:\/\/www.echobox.com\/resources\/wp-content\/uploads\/2020\/06\/logo-dark.svg","contentUrl":"https:\/\/www.echobox.com\/resources\/wp-content\/uploads\/2020\/06\/logo-dark.svg","caption":"Echobox"},"image":{"@id":"https:\/\/www.echobox.com\/resources\/#\/schema\/logo\/image\/"}},{"@type":"WebSite","@id":"https:\/\/www.echobox.com\/resources\/#website","url":"https:\/\/www.echobox.com\/resources\/","name":"Echobox Resources","description":"Insights for news publishers and content creators","publisher":{"@id":"https:\/\/www.echobox.com\/resources\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.echobox.com\/resources\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.echobox.com\/resources\/blog\/bug-bounties-risk-and-cybersecurity-for-publishers-a-chat-with-echoboxs-cto\/#primaryimage","url":"https:\/\/www.echobox.com\/resources\/wp-content\/uploads\/2022\/11\/Echobox-Public-Bug-Bounty-Program-2022_1.png","contentUrl":"https:\/\/www.echobox.com\/resources\/wp-content\/uploads\/2022\/11\/Echobox-Public-Bug-Bounty-Program-2022_1.png","width":1600,"height":836},{"@type":"WebPage","@id":"https:\/\/www.echobox.com\/resources\/blog\/bug-bounties-risk-and-cybersecurity-for-publishers-a-chat-with-echoboxs-cto\/#webpage","url":"https:\/\/www.echobox.com\/resources\/blog\/bug-bounties-risk-and-cybersecurity-for-publishers-a-chat-with-echoboxs-cto\/","name":"Bug bounties, risk and cybersecurity for publishers: A chat with Echobox\u2019s CTO - Echobox Resources","isPartOf":{"@id":"https:\/\/www.echobox.com\/resources\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.echobox.com\/resources\/blog\/bug-bounties-risk-and-cybersecurity-for-publishers-a-chat-with-echoboxs-cto\/#primaryimage"},"datePublished":"2022-11-17T09:41:58+00:00","dateModified":"2022-11-21T16:06:43+00:00","description":"Echobox has teamed up with YesWeHack on a bug bounty program. How does it work? What makes it effective? And why should publishers care?","breadcrumb":{"@id":"https:\/\/www.echobox.com\/resources\/blog\/bug-bounties-risk-and-cybersecurity-for-publishers-a-chat-with-echoboxs-cto\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.echobox.com\/resources\/blog\/bug-bounties-risk-and-cybersecurity-for-publishers-a-chat-with-echoboxs-cto\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.echobox.com\/resources\/blog\/bug-bounties-risk-and-cybersecurity-for-publishers-a-chat-with-echoboxs-cto\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.echobox.com\/resources\/"},{"@type":"ListItem","position":2,"name":"Bug bounties, risk and cybersecurity for publishers: A chat with Echobox\u2019s CTO"}]},{"@type":"Article","@id":"https:\/\/www.echobox.com\/resources\/blog\/bug-bounties-risk-and-cybersecurity-for-publishers-a-chat-with-echoboxs-cto\/#article","isPartOf":{"@id":"https:\/\/www.echobox.com\/resources\/blog\/bug-bounties-risk-and-cybersecurity-for-publishers-a-chat-with-echoboxs-cto\/#webpage"},"author":{"name":"Echobox Team","@id":"https:\/\/www.echobox.com\/resources\/#\/schema\/person\/c336c8287f702ce908d2760ab2a3efbb"},"headline":"Bug bounties, risk and cybersecurity for publishers: A chat with Echobox\u2019s CTO","datePublished":"2022-11-17T09:41:58+00:00","dateModified":"2022-11-21T16:06:43+00:00","mainEntityOfPage":{"@id":"https:\/\/www.echobox.com\/resources\/blog\/bug-bounties-risk-and-cybersecurity-for-publishers-a-chat-with-echoboxs-cto\/#webpage"},"wordCount":1158,"publisher":{"@id":"https:\/\/www.echobox.com\/resources\/#organization"},"image":{"@id":"https:\/\/www.echobox.com\/resources\/blog\/bug-bounties-risk-and-cybersecurity-for-publishers-a-chat-with-echoboxs-cto\/#primaryimage"},"thumbnailUrl":"https:\/\/www.echobox.com\/resources\/wp-content\/uploads\/2022\/11\/Echobox-Public-Bug-Bounty-Program-2022_1.png","keywords":["Industry"],"articleSection":["Blog"],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.echobox.com\/resources\/#\/schema\/person\/c336c8287f702ce908d2760ab2a3efbb","name":"Echobox Team","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.echobox.com\/resources\/#\/schema\/person\/image\/","url":"https:\/\/www.echobox.com\/resources\/wp-content\/uploads\/2020\/07\/Logo-02-150x150.jpg","contentUrl":"https:\/\/www.echobox.com\/resources\/wp-content\/uploads\/2020\/07\/Logo-02-150x150.jpg","caption":"Echobox Team"},"url":"https:\/\/www.echobox.com\/resources\/author\/echobox\/"}]}},"uagb_featured_image_src":{"full":["https:\/\/www.echobox.com\/resources\/wp-content\/uploads\/2022\/11\/Shutterstock_772279729-1.jpg",770,515,false],"thumbnail":["https:\/\/www.echobox.com\/resources\/wp-content\/uploads\/2022\/11\/Shutterstock_772279729-1-150x100.jpg",150,100,true],"medium":["https:\/\/www.echobox.com\/resources\/wp-content\/uploads\/2022\/11\/Shutterstock_772279729-1-300x201.jpg",300,201,true],"medium_large":["https:\/\/www.echobox.com\/resources\/wp-content\/uploads\/2022\/11\/Shutterstock_772279729-1-768x514.jpg",768,514,true],"large":["https:\/\/www.echobox.com\/resources\/wp-content\/uploads\/2022\/11\/Shutterstock_772279729-1.jpg",770,515,false],"1536x1536":["https:\/\/www.echobox.com\/resources\/wp-content\/uploads\/2022\/11\/Shutterstock_772279729-1.jpg",770,515,false],"2048x2048":["https:\/\/www.echobox.com\/resources\/wp-content\/uploads\/2022\/11\/Shutterstock_772279729-1.jpg",770,515,false],"post-thumbnail":["https:\/\/www.echobox.com\/resources\/wp-content\/uploads\/2022\/11\/Shutterstock_772279729-1-270x180.jpg",270,180,true],"contentberg-main":["https:\/\/www.echobox.com\/resources\/wp-content\/uploads\/2022\/11\/Shutterstock_772279729-1-770x515.jpg",770,515,true],"contentberg-main-full":["https:\/\/www.echobox.com\/resources\/wp-content\/uploads\/2022\/11\/Shutterstock_772279729-1-770x508.jpg",770,508,true],"contentberg-slider-stylish":["https:\/\/www.echobox.com\/resources\/wp-content\/uploads\/2022\/11\/Shutterstock_772279729-1.jpg",770,515,false],"contentberg-slider-carousel":["https:\/\/www.echobox.com\/resources\/wp-content\/uploads\/2022\/11\/Shutterstock_772279729-1-370x370.jpg",370,370,true],"contentberg-slider-grid-b":["https:\/\/www.echobox.com\/resources\/wp-content\/uploads\/2022\/11\/Shutterstock_772279729-1-554x466.jpg",554,466,true],"contentberg-slider-grid-b-sm":["https:\/\/www.echobox.com\/resources\/wp-content\/uploads\/2022\/11\/Shutterstock_772279729-1-306x466.jpg",306,466,true],"contentberg-slider-bold-sm":["https:\/\/www.echobox.com\/resources\/wp-content\/uploads\/2022\/11\/Shutterstock_772279729-1-150x150.jpg",150,150,true],"contentberg-grid":["https:\/\/www.echobox.com\/resources\/wp-content\/uploads\/2022\/11\/Shutterstock_772279729-1-370x245.jpg",370,245,true],"contentberg-list":["https:\/\/www.echobox.com\/resources\/wp-content\/uploads\/2022\/11\/Shutterstock_772279729-1-260x200.jpg",260,200,true],"contentberg-list-b":["https:\/\/www.echobox.com\/resources\/wp-content\/uploads\/2022\/11\/Shutterstock_772279729-1-370x305.jpg",370,305,true],"contentberg-thumb":["https:\/\/www.echobox.com\/resources\/wp-content\/uploads\/2022\/11\/Shutterstock_772279729-1-87x67.jpg",87,67,true],"contentberg-thumb-alt":["https:\/\/www.echobox.com\/resources\/wp-content\/uploads\/2022\/11\/Shutterstock_772279729-1-150x150.jpg",150,150,true]},"uagb_author_info":{"display_name":"Echobox Team","author_link":"https:\/\/www.echobox.com\/resources\/author\/echobox\/"},"uagb_comment_info":0,"uagb_excerpt":"What do Echobox engineers and a horde of hackers share in common? They\u2019re all working to ensure the utmost security of the Echobox platform. We recently made our bug bounty program public with YesWeHack, a global bug bounty and Vulnerability Disclosure Policy (VDP) platform. Such programs aim to help us pinpoint potential security vulnerabilities and","_links":{"self":[{"href":"https:\/\/www.echobox.com\/resources\/wp-json\/wp\/v2\/posts\/4260"}],"collection":[{"href":"https:\/\/www.echobox.com\/resources\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.echobox.com\/resources\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.echobox.com\/resources\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/www.echobox.com\/resources\/wp-json\/wp\/v2\/comments?post=4260"}],"version-history":[{"count":7,"href":"https:\/\/www.echobox.com\/resources\/wp-json\/wp\/v2\/posts\/4260\/revisions"}],"predecessor-version":[{"id":4298,"href":"https:\/\/www.echobox.com\/resources\/wp-json\/wp\/v2\/posts\/4260\/revisions\/4298"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.echobox.com\/resources\/wp-json\/wp\/v2\/media\/4288"}],"wp:attachment":[{"href":"https:\/\/www.echobox.com\/resources\/wp-json\/wp\/v2\/media?parent=4260"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.echobox.com\/resources\/wp-json\/wp\/v2\/categories?post=4260"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.echobox.com\/resources\/wp-json\/wp\/v2\/tags?post=4260"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}