
Planning a Bug Bounty: The Nuts and Bolts from Concept to Launch

Conference:  BlackHat USA 2019

2019-08-08

Abstract

Thinking about launching a vulnerability disclosure or bug bounty program and not sure where to start? Do you use a bug bounty platform or self-host; hire a 3rd party service provider or run things yourself? What should your program rules contain, and how should you engage your legal team? How much should you reward, and how do you pay researchers? How do you build partnerships with engineering teams and what do long product release cycles mean? There are lots of things to consider when planning a bounty program, and we’ll give you an actionable punch list of operational decisions to go through to ensure you’re set up for success!
