Critical Vulnerabilities and Bug Bounty Programs

Explore critical vulnerabilities uncovered through bug bounty programs in this Black Hat 2015 presentation by Kymberlee Price. Gain insights into the impact of these vulnerabilities on customers, learn about notable bug bounty programs like Google's Vulnerability Reward Program and Microsoft's Bounty Program, and understand the state of bug bounty reporting. Examine specific bugs and vulnerabilities, including detailed breakdowns and their significance. Discover strategies for collecting essential information, reducing noise in bug reports, and effectively communicating priorities. Evaluate the value of bug bounty programs and their role in vulnerability disclosures. Engage with real-world examples from major tech companies and learn how to improve your own bug hunting and reporting skills.

Introduction
Google Vulnerability Reward Program
Microsoft Bounty Program
State of Bug Bounty Report
Specific Bugs
Peter
Smartsheet
The Bug
Another Vulnerability
Vulnerability Overview
Collecting the Right Information
Example from Facebook
How to reduce noise
Scope documentation
Communicating priorities
Is it worth the hassle
Reducing noise
Vulnerability disclosures
Call to action
Questions