How to run a kick-ass bug bounty program
Casey Ellis – CEO
Chris Raethke – CTO
Bugcrowd Inc
AGILE, SCRUM, PAIRING, TDD, CI
BEST PRACTICE...
all apps have security bugs
...REALITY
Current Approach
Bad Guys / Good Guys
...help!
ARRRGGGH!
A Better Approach
Bad Guys / Moar’ Good Guys
...arrrrrgh?
What is a bug bounty program?
Bug bounties are awesome…
…but hard.
The mistake *everyone* makes
DATA / PEOPLE
The Golden Rules
Respect the researcher
If you touch code, pay it.
Manage expectations
Normalize inputs
Pay quickly
Fix problems quickly
Be open about duplicates
Questions?