Fad or Future - Getting Past the Bug Bounty Hype

Offered By: Black Hat via YouTube

Tags

Black Hat Courses, Team Engagement Courses, Application Security Courses, Vulnerability Management Courses

Course Description

Overview

Explore the realities of bug bounty programs in this 51-minute Black Hat conference talk. Gain insights from experienced bounty managers as they discuss the impact on application security, signal-to-noise ratio, return on investment, and interactions with bounty hunters. Learn about crucial aspects like scoping, budgeting, vulnerability valuation, and effective communication. Discover the importance of mature operational security practices, competition dynamics, and how bug bounties complement existing security measures. Delve into topics such as private vs. public programs, vendor agreements, disclosure policies, and balancing rewards. Understand team structures, handling low-quality bug reports, and engaging application teams. Get practical advice on prioritizing internally, managing technical vs. business risk, and setting appropriate rewards and scope for your bug bounty program.

Syllabus

Intro
About me
About the panelists
Scope of the bounty programs
Numbers and results
What is a bug bounty
What do you wish you'd known before launching
How to forecast and plan both resourcing and budget
Understanding the value of a vulnerability
Communication is key
Mature OPSEC practice
Competition
Complementing Security
Silent Circle
Training
Private vs Public
Vendor Agreements
Bug Bounty Program
Disclosure
Balancing the Bounty
Tactical Resources
Team Structure
Handling low-quality bugs
Low-quality bugs
Respect your research
Technical risk vs business risk
How to get application teams engaged
Prioritize internally
Technical vs business risk
Reward
Out of Scope
Rewards
Scope
Charles
Patrick F


Taught by

Black Hat
