Bug Bounties; Working Towards a Fairer and Safer Marketplace

Presented at Black Hat Europe 2017, Dec. 7, 2017, 2:15 p.m. (25 minutes).

Bug bounties are becoming better understood and more deeply embedded into the information security industry. The numbers of enterprise organisations, researchers, and bounty pay-outs are on the rise, and there is also a notable increase in the criticality of submissions. Adoption is increasing remarkably fast and is expected to continue to do so for the foreseeable future. The area of responsible reporting is far from resolved, yet despite the challenges that remain, bug bounty programmes are being launched at a remarkable pace, facing many of the same challenges. There is evidence of both good and bad practice in the bug bounty marketplace have been looking at how to better understand bug bounty programmes, consider how such programmes sit in wider technical assurance frameworks, provide advice to the buyers of such services, protect the interests of those participating in programmes and finally, where appropriate, improve the bug bounty landscape.


Presenters:

  • Ian Glover - President, CREST
    Ian has over 30 years’ experience working in the information technology industry. He was one of the founding partners of Insight Consulting, a company that was recognised as being the leading independent provider of specialist information assurance services in the UK. When the business was sold to Siemens, Ian sat on the Board of Siemens Communications. Ian also established the CLAS Forum with CLAS as a partnership linking the Information Assurance knowledge of the UK Government with the expertise and resources of the private sector. The Forum, which promotes the interests of the CLAS community, provides a pool of more than 800 high quality consultants approved by the NCSC to provide Information Assurance advice to UK Government departments. The Forum was established. He was the Chairman of the Forum until April 2012. Ian is additionally part of the UK project team building the next land speed record car, Bloodhound SSC.
