From Bounties to Bureaucracy - The Hidden Market Factors of Exploit Economics

Explore the evolution and impact of bug bounty programs in this 36-minute conference talk from BSidesSF 2018. Delve into the history of the Zero Day Initiative (ZDI) and how it revolutionized vulnerability reporting. Learn about the program's growth from controversial concept to essential security practice, awarding over $15 million USD and patching nearly 4,000 0-day exploits. Discover how bug bounty programs provide insights into vulnerability trends, disrupt the exploit marketplace, and influence government regulations. Gain valuable knowledge on how these programs predict future attack surfaces and force malicious actors to adapt their techniques. Join ZDI Director Brian Gorenc as he examines the current landscape of bounty programs, their role in shaping the vulnerability economy, and their effectiveness in enhancing global cybersecurity.