If You Can’t Beat ‘Em Join ‘Em: Practical Tips For Running A Successful Bug Bounty Program

Presented at AppSec USA 2016, Oct. 14, 2016, 2:15 p.m. (60 minutes)

Having a bug bounty program is one of the most efficient methods of finding security vulnerabilities today. But, as anyone who has tried to run a bug bounty program knows, it's not a trivial undertaking. As professionals who have helped to manage hundreds of bug bounty programs, we're uniquely positioned to provide advice on how to succeed. Whether you're already running a bug bounty program, are looking to run a bug bounty program, or are a researcher, this talk aims to deepen your knowledge of the subject.
Presenters:

  • Daniel Trauner
    Daniel Trauner is a Senior Application Security Engineer at Bugcrowd - a crowdsourced cybersecurity solution. He works with (and is sometimes a part of) the thousands of security researchers worldwide who collectively attempt to understand, break, and fix anything that companies will let them. Previously, he was the lead iOS researcher on HP's Fortify Security Research team, where he contributed to the HP Fortify Static Code Analyzer across many of its supported languages. Daniel has spoken at a number of other security conferences and meetups, both in the Bay Area and elsewhere. Growing up, he was always the kid who had more fun knocking down Lego towers than actually building them. Outside of security, Daniel enjoys reading, writing, collecting art, and trying to solve problems that others consider to be Kobayashi Maru scenarios.
  • Grant McCracken - Solutions Architect - Bugcrowd
    Grant has been with Bugcrowd, a crowdsourced cybersecurity solution, for roughly two years - initially helping process bounty submissions as an Application Security Engineer/Analyst, and later transitioning to his current role of Solutions Architect. With a background in appsec, and as an occasional bug hunter himself, he offers a unique perspective to Bugcrowd clients - helping them create, set up, and manage successful bounty programs across a variety of targets/environments/needs. Before Bugcrowd, Grant spent some time traveling the world while validating vulnerabilities, and before that, did a few years at WhiteHat Security. His past speaking experience includes presenting at BSides Austin and AppSec EU - and when not working and/or running around in circles, he can be found singing and "dancing" on YouTube.