Best Practices for Structuring Effective Bug Bounty Programs

OWASP Foundation via YouTube

Overview

Explore the world of bug bounty programs in this 55-minute conference talk from AppSecUSA 2016. Delve into the evolution, structure, and best practices of these valuable vulnerability identification tools. Learn about the Department of Defense's first authorized bug bounty program and how vendors are reevaluating their approach. Address key concerns such as controlling bug hunters, security and privacy issues, contractual matters, handling rogue hackers, and liability and compliance considerations. Gain insights from industry experts Jim Denaro and Casey Ellis as they discuss effective program structuring, offensive and defensive applications of intellectual property, and the scalability of bug bounty initiatives. Understand the rewards and risks associated with these programs, and discover how they're reshaping the landscape of cybersecurity.

Syllabus

Intro
Introductions
Outline
Shark analogy
The reward
The risk
Survey results
Bug bounty evolution
Scale
Brief
Scope
Budgeting
Legal
Rogue Hacking
Questions
Offensive vs Defensive
Trust

Taught by

OWASP Foundation
