Clowntown express, interesting bugs and running a bug bounty program

Presented at ToorCon San Diego 15 (2013), Oct. 20, 2013, 11:30 a.m. (20 minutes).

Facebooks bug bounty program has discovered a number of serious, wacky, interesting and hilarious bugs. This talk will mostly be about those bugs and the lessons we can learn from them. Will also speak to the process of setting up and running a bug bounty program and how it compares to the alternatives (hiring, static/dynamic analysis tools, consultants, etc).

Presenters:

• Collin Greene
  Collin works on product security for facebook and enjoys carne asada fries

Similar Presentations:

• AppSec USA 2016 / If You Can’t Beat ‘Em Join ‘Em: Practical Tips For Running A Successful Bug Bounty Program
• BSides Austin 2016 / If You Can't Beat 'Em, Join 'Em: Tips For Running a Successful Bug Bounty Program
• DeepSec 2020 „The Masquerade“ / Scaling A Bug Bounty Program