Bug Bounties - Relationship Advice for the Hunters and the Hunted

Explore the intricacies of bug bounty programs in this 54-minute conference talk presented by Katie Moussouris at the 44CON Information Security Conference. Gain insights into structuring effective bug bounty programs and maximizing their benefits for both organizations and hackers. Learn about making a business case for bug bounties, the importance of report quality, pricing strategies, and the impact of black markets. Discover how bug bounties are democratizing security research and their role in major tech companies like Microsoft and Google. Examine the challenges of national bug bounties, legal frameworks, and the future of vulnerability disclosure programs. Understand the delicate balance required to maintain successful relationships between bounty providers and security researchers in this comprehensive overview of the bug bounty ecosystem.

Introduction
Audience Questions
Making a Business Case
The Role of Bug Bounties
Quality of Report
Pricing
Black Market
democratizing bug bounties
selling bug bounties to Microsoft
competing with Google and Microsoft
national bug bounties
legal frameworks
bug bounty program
Google project zero
Whats next