Overview
Explore the evolution of bug bounty programs in this 38-minute Black Hat conference talk. Delve into the history of bug bounties, from their inception to the game-changing "Hack The Pentagon" initiative in 2016. Examine the myths and realities of competing with the offense market, and consider alternative solutions for ethical hackers. Analyze the effectiveness of modern bug bounty programs over the past decade, and discover potential future directions for hackers, organizations, and the security industry. Learn about vulnerability coordination maturity models, organizational commitment, labor laws, and big payouts. Gain insights into metrics, vulnerability handling, and the potential of cybersecurity apprenticeships in shaping the future of bug bounty programs.
Syllabus
Intro
The Parable of the Long Spoon
History of Bug Bounty
Vulnerability Coordination maturity model
Organizational commitment
Labor laws
Big payouts
Whats next
Metrics
Vulnerability Handling
Cybersecurity Apprenticeships
Conclusion
Taught by
Black Hat