Tips on Building a World-Class Bug Bounty Program - Zenefits Red Team Insights

Discover best practices for building a world-class bug bounty program from Mack Staples, Senior Manager of Zenefits' Red Team. Learn how to protect sensitive customer data, including PII and PHI, through effective security strategies. Explore tips on partnering with engineering teams, establishing communication mechanisms, and maintaining program quality. Gain insights into program scope, managing entry, researcher selection, and responsiveness. Understand how to keep your program interesting and address common challenges. Get practical advice on starting a new program, implementing security training, and responding to reports. This 52-minute webinar, hosted by HackerOne, offers valuable knowledge for organizations looking to enhance their cybersecurity efforts through bug bounty initiatives.

Intro
Macks Background
Plan for the Best Expect the Worst
Value of Partnering with Engineering and Development Teams
Mechanism for Communication
Maintaining a Good Program
Questions
Bonus Tips
Program Scope
Managing Entry
Rock Star
Which Researcher
Responsiveness
How do you respond to reports
How do you keep the program interesting
Questions for Mack
Starting a new program
Security training
Security training process
Wrap up