Leveling Up Your Bug Bounty Program

Explore the world of bug bounty programs in this 31-minute LASCON conference talk by Charles Valentine, VP of Technology Services at Indeed.com. Discover why top security programs are leveraging diverse skill sets to reduce risk, learn about potential pitfalls, and understand when to deploy or avoid these programs. Gain insights from Indeed's two-year Bug Bounty program experience, focusing on real-world examples of business logic flaws and high-priority vulnerabilities discovered despite existing security testing processes. Delve into topics such as risk assessment, various bug-catching approaches, objections from product and engineering teams, metrics-driven strategies, and the evolution of Indeed's program. Examine the impact on security teams, response times, and payout structures. Learn how to effectively work with the crowd, reduce workload, and involve engineers in security initiatives. Explore innovative approaches like Lockpicking Happy Hour and Firewall Free Fridays, and discover the importance of education and internal security challenges in fostering a strong security culture.