Running a Bug Bounty Program - What You Need to Know
Offered By: OWASP Foundation via YouTube
Course Description
Overview
Explore the intricacies of running a bug bounty program in this 46-minute conference talk from AppSecEU 2016 in Rome. Delve into the reasons behind implementing bug bounties, their value, and the key players involved. Learn about offering rewards, setting up basic resources and environments, managing access, and fostering teamwork. Gain insights on handling the program post-launch, including the importance of speed, distinguishing between good and bad reports, and implementing a rating taxonomy. Discover validation horror stories and success stories, and understand the significance of marketing in bug bounty programs. Conclude with a Q&A session to address specific concerns and queries.
Syllabus
Introduction
Grant McCracken
Bug bounties
Why
Who
Value
Running a bug bounty
Offering rewards
Its you vs them
Step 0 Basic resources
Environment
Shared Environments
Access
Teamwork
After the program goes live
Summary
Speed
Good and bad reports
Rating taxonomy
Why rating taxonomy is important
Validation horror stories
Success stories
Conclusion
Question
Marketing
Taught by
OWASP Foundation
Related Courses
Careers in Media TechnologyStanford University via Kadenze Evidence-Based Project Management
Australian National University via edX Health in Complex Humanitarian Emergencies
Emory University via Coursera Strategic Applications of IT Project & Program Management
University of Washington via edX Agile Process, Project, and Program Controls
University System of Maryland via edX