Formula for a Bug Bounty Program

Presented at NolaCon 2019, May 18, 2019, 11 a.m. (Unknown duration)

<p>Bug bounty programs are increasingly common in today’s security organizations, and they can be of great value if implemented well. Before initiating your own bug bounty program, it’s important to understand some do’s and don’ts. </p> <p>Today Verizon Media operates one of the largest bug bounty programs, having paid out $5 million in bounties in 2018. This presentation is the first in a series that offers a glimpse into how Verizon Media has grown its successful program and offers best practices for organizations looking to start their own program or for those looking to optimize existing programs. </p>

Presenters:

• Chris Holt
  Certified by GAIC, NTISSI, PADI, and previously by the USSF, Chris Holt is constantly learning something new. As the Senior Bug Bounty Operations Lead at Verizon Media, he is responsible for the bug bounty program operations, development and growth including live hacking events. Previously, Chris worked on web, api and mobile mobile application penetration testing across many different types of products but currently is found operating the bug bounty program at Verizon Media.

Links:

• https://nolacon.com/talk/formula-for-a-bug-bounty-program
• https://infocon.org/cons/NolaCon/NolaCon 2019/Formula for a Bug Bounty Program Chris Holt.mp4

Similar Presentations:

• DeepSec 2020 „The Masquerade“ / Scaling A Bug Bounty Program
• Black Hat USA 2022 / Bug Bounty Evolution: Not Your Grandson's Bug Bounty
• AppSec USA 2016 / If You Can’t Beat ‘Em Join ‘Em: Practical Tips For Running A Successful Bug Bounty Program