Explore the intricacies of bug bounty programs in this 54-minute conference talk presented by Katie Moussouris at the 44CON Information Security Conference. Gain insights into structuring effective bug bounty programs and maximizing their benefits for both organizations and hackers. Learn about making a business case for bug bounties, the importance of report quality, pricing strategies, and the impact of black markets. Discover how bug bounties are democratizing security research and their role in major tech companies like Microsoft and Google. Examine the challenges of national bug bounties, legal frameworks, and the future of vulnerability disclosure programs. Understand the delicate balance required to maintain successful relationships between bounty providers and security researchers in this comprehensive overview of the bug bounty ecosystem.
Bug Bounties - Relationship Advice for the Hunters and the Hunted
44CON Information Security Conference via YouTube
Overview
Syllabus
Introduction
Audience Questions
Making a Business Case
The Role of Bug Bounties
Quality of Report
Pricing
Black Market
democratizing bug bounties
selling bug bounties to Microsoft
competing with Google and Microsoft
national bug bounties
legal frameworks
bug bounty program
Google project zero
Whats next
Taught by
44CON Information Security Conference
Related Courses
-
We Hacked The Planet - Now What?
-
Bug Bounty Evolution - Not Your Grandson's Bug Bounty
-
Critical Vulnerabilities and Bug Bounty Programs
-
Hacking the Law- Are Bug Bounties a True Safe Harbor? - USENIX Enigma Conference - 2018
-
Bug Bounty Programs - Successfully Controlling Complexity and Perpetual Temptation
-
From Dystopia to Opportunity - Stories from the Future of Cybersecurity
