Data Driven Bug Bounty

Learn how to maximize the value of your bug bounty program through data-driven approaches in this conference talk from BSidesSF 2018. Explore essential metrics to collect, including response times, vulnerable components, bug classes, and team performance. Discover how to leverage this data to assess security posture, identify weak spots, improve team responsiveness, and measure progress over time. Gain insights into creating effective graphs and metrics for internal use, and understand how to integrate these findings into your security planning process. Enhance your organization's ability to address vulnerabilities efficiently and systematically through data-driven bug bounty management.

Introduction
Agenda
Program Logistics
DataDriven Program
Time to Fix
Subteams
Vulnerability Sources
Metrics
Methodology
QA