Bug Bounty Programs

Presented at AppSec USA 2012, Oct. 25, 2012, 2 p.m. (45 minutes).

Moderator: Jeremiah Grossman


Presenters:

  • Michael Coates - Director of Product Security - Shape Security
    Michael Coates is the Chairman of the OWASP board, an international non-profit organization focused on advancing and evangelizing the field of application security.  In addition, he is the creator of OWASP AppSensor, a project dedicated to creating attack aware applications that leverage real time detection and response capabilities. Michael is also the Director of Product Security at Shape Security, a Silicon Valley startup developing an entirely new type of web security product to protect web sites against modern attacks. Previously, Michael was the Director of Security Assurance at Mozilla where he founded and grew the Security Assurance and Web Security programs to 25 people. Throughout Michael's career he has advised major corporations and governments on secure architecture and software security. He's also performed hundreds of technical security assessments for financial, enterprise, and cellular customers worldwide. Michael also maintains a security blog at michael-coates.blogspot.com Michael holds a Master of Science degree in Computer, Information and Network Security from DePaul University and a Bachelor of Science degree in Computer Science from the University of Illinois at Urbana-Champaign.
  • Alex Rice
    Product Security, Facebook
  • Adam Mein - Security Program Manager - Google
    Some people like to find bugs; Adam likes to make sure they get fixed. He gets lots of opportunities to fulfill this (admittedly, sad) ambition as Manager of Google's Vulnerability Management team and Web Reward Program. Outside of work, Adam spends most of his time chasing around his 10 month old son and supporting his beloved Canberra Raiders rugby league team.
  • Chris Evans - Troublemaker - Google
    Chris Evans is the author of vsftpd, a vulnerability researcher and for a paycheck, he built and now looks after the Google Chrome Security Team. Unruly bunch. Details of vsftpd are at https://security.appspot.com/vsftpd.html. His research includes vulnerabilities in all the major browsers (Firefox, Safari, Internet Explorer, Opera, Chrome); the Linux and OpenBSD kernels; Sun's JDK; and lots of open source packages. He blogs about some of his work at http://scarybeastsecurity.blogspot.com/. At Google, Chris is passionate about watching out for hundreds of millions of Chrome end users. Whilst at Google, Chris has launched Vulnerability Reward Programs for both Chromium and Google web properties. He asserts that both have been very successful and has very much enjoying engaging in moving security forward with the wider security community. Chris presents at various conferences, preferably in interesting locations (PacSec, HiTB Dubai, HiTB Malaysia, BlackHat Europe, HiTB Amsterdam, OWASP, etc.) and is on the HiTB and WOOT paper selection panels.
  • Jeremiah Grossman - Founder - WhiteHat Security
    Jeremiah Grossman is the Founder and iCEO of WhiteHat Security, where he sets overall company vision and oversees day to day operations. Over the last decade, Mr. Grossman has written dozens of articles, white papers, and is a published author. His work has been featured in the Wall Street Journal, Forbes, NY Times and hundreds of other media outlets around the world. As a well-known security expert and industry veteran, Mr. Grossman has been a guest speaker on six continents at hundreds of events including TED, BlackHat Briefings, RSA, SANS, and others. He has been invited to guest lecture at top universities such as UC Berkeley, Stanford, Harvard, UoW Madison, and UCLA. Mr. Grossman is also a co-founder of the Web Application Security Consortium (WASC) and previously named one of InfoWorld's Top 25 CTOs. He serves on the advisory board of two hot start-ups, Risk I/O and SD Elements, and is a Brazilian Jiu Jitsu Black Belt. Before founding WhiteHat, Mr. Grossman was an information security officer at Yahoo!

Links:

Similar Presentations: