Explore the complexities of bug bounty programs in this 20-minute conference talk from Security BSides London. Delve into the hidden depths beyond publishing a scope, examining whether more eyes truly lead to better security outcomes. Analyze the intricacies of project-specific and non-project-specific hunters, and uncover the surprising connection between the city of St Petersburg and bug bounties. Gain insights into the motivation behind these programs, statistical evidence, relevant academic studies, and various hunter archetypes. Investigate the St Petersburg Paradox and its application to bug bounty ecosystems. Conclude with a discussion on private programs and their role in the broader security landscape.
Overview
Syllabus
Introduction
Motivation
The Problem
Statistics
Academic Studies
Archetypes
St Petersburg Paradox
References
Private Programs
Taught by
Security BSides London
Related Courses
-
An Oral History of Bug Bounty Programs
-
Security Evolution - Bug Bounty Programs for Web Applications
-
Fad or Future - Getting Past the Bug Bounty Hype
-
Bug Bounty Programs - Successfully Controlling Complexity and Perpetual Temptation
-
Bug Bounty - Why Is This Happening
-
Hacking the Law - A Call for Action – Bug Bounties Legal Terms as a Case Study
