Managing for Success: Maintaining a Healthy Bug Bounty Program Long Term

Presented at Black Hat USA 2019, Aug. 8, 2019, 12:10 p.m. (50 minutes)

Your bounty program has launched and is clicking along… but are you getting optimal results once the initial excitement wanes? How do you measure and report on program success? How can you build gamification and incentive models that lead to high value vulnerability reports, while discouraging low impact reports that distract your engineers from issues that put customers at risk? And while everyone hopes to never need it, what’s the playbook for handling conflict or vulnerability disclosure situations?

Presenters:

• Chloe Brown - Strategy Program Manager, Bugcrowd
  Chloe Brown has spent over a decade passionately crafting connections between community members and development teams. After many years in the gaming industry, Chloe brought her substantial skills for building trusted relationships, facilitating actionable feedback, and creating content for customer acquisition, engagement and retention to the security industry as a Researcher Operations Program Manager for a bug bounty platform in 2016.

Links:

• https://www.blackhat.com/us-19/briefings/schedule/#managing-for-success-maintaining-a-healthy-bug-bounty-program-long-term-17348
• https://infocon.org/cons/Black Hat/Black Hat USA/Black Hat USA 2019/Managing for Success Maintaining a Healthy Bug Bounty Program Long Term.mp4
• https://infocon.org/cons/Black Hat/Black Hat USA/Black Hat USA 2019/Managing for Success Maintaining a Healthy Bug Bounty Program Long Term.en.transcribed.srt (subtitles)
• https://www.youtube.com/watch?v=GN07mOORS8I

Similar Presentations:

• AppSec USA 2016 / If You Can’t Beat ‘Em Join ‘Em: Practical Tips For Running A Successful Bug Bounty Program
• Black Hat USA 2019 / Planning a Bug Bounty: The Nuts and Bolts from Concept to Launch
• BSides Austin 2016 / If You Can't Beat 'Em, Join 'Em: Tips For Running a Successful Bug Bounty Program