When Paddy Power Betfair’s (PPB) bug bounty journey began in early 2018, it felt like a natural next step to strengthen the company’s security posture. PPB has a Continuous Integration/Continuous Delivery (CI/CD) development culture with an agile mindset, which means short development cycles and quick releases of new features on our web platforms. A common concern with CI/CD in large-scale, complex web products is the possibility of introducing bugs into production before a new feature has had time to mature and be thoroughly assessed.
To us, the best way to address this challenge is to embed security in each stage of the Software Development Life Cycle (SDLC), from the early planning stages, through implementation and release, and eventually to production monitoring of established products. To ensure we were able to scale with our growth, we worked hard to automate these security controls in as many stages as possible.