Your License for Bug Hunting Season

Presented at AppSec USA 2016, Oct. 13, 2016, 10:45 a.m. (60 minutes)

You don't need a license for bug hunting season anymore. Bug bounty programs are becoming well established as a valuable tool in identifying vulnerabilities early. The Department of Defense has authorized its first bug bounty program, and many vendors are taking a fresh look. While the programs are highly effective, many questions remain about how to structure bug bounty programs to address the concerns that vendors and researchers have about controlling bug hunters, security and privacy, contractual issues with bug hunters, what happens if there is a rogue hacker in the crowd, and liability and compliance concerns. This presentation will cover the best practices for structuring effective bug bounty programs.


Presenters:

  • Jim Denaro - Partner - CipherLaw
    Jim is a registered patent attorney in the Washington, D.C. area and advises clients on offensive and defensive applications of intellectual property. Jim has particular expertise in information security and cybersecurity technologies, and is a frequent speaker and writer on the subject. Jim has experience in a broad range of information security technologies including intrusion detection and prevention, botnet investigation, malware discovery and remediation, and symmetric and asymmetric cryptography. Jim also has experience in wireless protocols and devices, VOIP protocols and systems, optical data storage, and ASIC design.
  • Casey Ellis - Founder and CEO - Bugcrowd Inc
    Casey Ellis, CEO and founder of Bugcrowd, has spent 14 years in information security, servicing clients ranging from startups to multinational corporations as a security and risk consultant and solutions architect. He has presented at Derbycon, Converge, SOURCE Conference, and the AISA National Summit. Before relocating from Sydney, Australia to San Francisco with Bugcrowd, he founded White Label Security, a white-labelled penetration testing company, and served as the CSO of Scriptrock. A former penetration tester, he likes thinking like a bad guy without actually being one.
