Decoding Bug Bounty Programs - Jon Rose

Explore the world of bug bounty programs in this informative conference talk from DerbyCon 3.0. Discover how these programs are revolutionizing business security and learn about their benefits, potential problems, and impact on the industry. Gain insights into disclosure policies, scope considerations, and the importance of false positives. Understand the motivations behind bug hunting, including prestige, recognition, and financial rewards. Examine statistics that demonstrate the effectiveness of bug bounty programs and their influence on changing testing methodologies. Receive valuable advice on submitting bugs, accepting reports, providing rewards, and ultimately enhancing your organization's security posture.

Intro
Bug Bounty Programs are Revolutionizing the way businesses protect themselves
Any Bug Reporters?
Simple Rules
Disclosure Policy
Do you pay for valid bugs that are out of scope?
5 Major Benefits
Are companies with bug bounties MORE secure?
Potential Problems
FALSE POSITIVES AREA NECESSARY EVIL
Prestige, Recognition, and Fame
Money Fame Experience
Statistics Don't Lie
changing testing
Free Advice
Submit bugs Accept bugs Provide Rewards Get Secure