You're listening to the Cyberwire Network, powered by N2K.

Welcome to Cyberwire X, where we unpack the critical conversations shaping cybersecurity today.

I'm Dave Bittner.

Bug Bounty programs are where businesses meet ethical hackers, a partnership built on curiosity, skill, and a shared goal, better security.

But building that trust isn't as simple as swapping vulnerabilities for payouts.

In today's episode, Annie Turner, senior security engineer and bug bounty program lead at Adobe,

and Jasmine Larry, a seasoned ethical hacker and one of Adobe's top researchers,

unpack what it really takes to make this relationship

thrive. From the motivations driving both sides to the myths that still cloud the field,

we dig into the winds, the roadblocks, and the quiet factors like communication and shared

purpose that can turn a bounty board into a real security asset.

So today we're talking about strengthening product security through ethical hacker collaboration.

Before we dig into some of the details here, I'd love to learn a little bit about each of you.

Annie, let me start with you.

Where did you get your start and what led you to where you are today?

Yeah, so I actually started out as a software engineer,

very non-traditional, but I was aware of, you know,

some basic security practices as an engineer, but honestly security wasn't something I

focused on deeply at first. That changed when I was pursuing my master's in information systems and took

an introductory cybersecurity class. It kind of opened my eyes to just how fragile the system we

built can be and how a single oversight can lead to a major vulnerability.

And so I realized that nothing rebuild is truly secure by default,

...