Explore the intricacies of running a bug bounty program in this 46-minute conference talk from AppSecEU 2016 in Rome. Delve into the reasons behind implementing bug bounties, their value, and the key players involved. Learn about offering rewards, setting up basic resources and environments, managing access, and fostering teamwork. Gain insights on handling the program post-launch, including the importance of speed, distinguishing between good and bad reports, and implementing a rating taxonomy. Discover validation horror stories and success stories, and understand the significance of marketing in bug bounty programs. Conclude with a Q&A session to address specific concerns and queries.
Running a Bug Bounty Program - What You Need to Know
Overview
Syllabus
Introduction
Grant McCracken
Bug bounties
Why
Who
Value
Running a bug bounty
Offering rewards
Its you vs them
Step 0 Basic resources
Environment
Shared Environments
Access
Teamwork
After the program goes live
Summary
Speed
Good and bad reports
Rating taxonomy
Why rating taxonomy is important
Validation horror stories
Success stories
Conclusion
Question
Marketing
Taught by
OWASP Foundation
Related Courses
-
Navigating the Bug Bounty Industry
-
Practical Tips for Running a Successful Bug Bounty Program
-
Bug Bounty Field Manual - Cliff Notes for Planning and Operating Successful Programs
-
5 Tips and Tricks for Running a Successful Bug Bounty Program
-
Hard Knock Lessons on Bug Bounties
-
Security Evolution - Bug Bounty Programs for Web Applications
