Explore the intricacies of bug bounty programs in this insightful conference talk from NULLCON Goa 2020. Delve into the world of cybersecurity as Adam Ruddermann, Director of Bug Bounty Services Practice at NCC Group, shares his extensive experience and unique perspective. Gain valuable insights into the challenges faced by both bug hunters and program managers, including the loneliness of bug hunting, internal fatigue within organizations, and the complexities of fixing vulnerabilities. Examine the reality behind the bug bounty dream, including investor pressures and the impact of code age. Learn about the importance of Vulnerability Disclosure Programs (VDPs) and the need for collaboration in the industry. Discover practical advice on how to navigate the bug bounty landscape and contribute to incremental positive changes in cybersecurity. Whether you're a seasoned security professional or new to the field, this talk offers a comprehensive look at the current state and future potential of bug bounty programs.
Overview
Syllabus
Introduction
Adams background
Agenda
NonAgenda
Three personas
Bug hunting is lonely
What is this like for bug bounty programs
People with suits
Why Bug Bounty
The Dream
Internal Fatigue
Bug Bounty Talks
Bug Bounty Guide Map
Reality Check
The Problem
Speed of fixes
Age of code
Why is this happening
Investors
How does this matter
Objections
What do you need
The Horde
No legal side
Hopefulness
VDPs
Limitations
Revolutionary times
Purity testing
What can we all do
The more common the better
We all need to work together
Incremental change
QA
Taught by
nullcon
