To Bounty or Not to Bounty - Security@ Insights from 500 Organizations

OWASP Foundation via YouTube

Overview

This AppSec California 2016 talk draws on data from 500 organizations running vulnerability disclosure programs, i.e. Security@ programs (so called after the conventional security@ reporting address). It covers the surge in Security@ activity and introduces a weighted index for assessing program performance across six dimensions. The aim is an analytical approach to running an effective Security@ program, whether you already pay bounties or are just starting out. Alex Rice shares lessons from his experience at Facebook and HackerOne and argues for data-driven decision-making over blind dogma. Topics include metrics, response efficiency, and community engagement as levers for improving an organization's security collaboration with outside researchers.

Syllabus

Intro
Facebook
HackerOne
A caveat
Who is this talk for
Different ways to answer
Vulnerability metrics
Response efficiency
Bar metrics
Example program
Do we bounty or not
Responsible disclosure
Community resources
State of the Internet
Bug bounty
Riot Games
Summary
Would you do a bug bounty
How do you deal with disclosures

Taught by

OWASP Foundation
