Overview
Discover best practices for building a world-class bug bounty program from Mack Staples, Senior Manager of Zenefits' Red Team. Learn how to protect sensitive customer data, including PII and PHI, through effective security strategies. Explore tips on partnering with engineering teams, establishing communication mechanisms, and maintaining program quality. Gain insights into program scope, managing entry, researcher selection, and responsiveness. Understand how to keep your program interesting and address common challenges. Get practical advice on starting a new program, implementing security training, and responding to reports. This 52-minute webinar, hosted by HackerOne, offers valuable knowledge for organizations looking to enhance their cybersecurity efforts through bug bounty initiatives.
Syllabus
Intro
Mack's Background
Plan for the Best, Expect the Worst
Value of Partnering with Engineering and Development Teams
Mechanism for Communication
Maintaining a Good Program
Questions
Bonus Tips
Program Scope
Managing Entry
Rock Star
Which Researcher
Responsiveness
How do you respond to reports?
How do you keep the program interesting?
Questions for Mack
Starting a new program
Security training
Security training process
Wrap up
Taught by
HackerOne