DeepSec 2020 Talk: Scaling A Bug Bounty Program – Catalin Curelaru

Sanna/ October 8, 2020/ Conference

Hacking, hackers and bug bounties are really getting constant headlines into the mainstream news. In the past few years we have seen an impressive growth in Bug Bounty Programs and at this point we really need to ask: Is a Bug Bounty Program a new layer to secure applications?

Implementing a Bug Bounty Program can be challenging and requires some understanding of the nuances of how to make it successful or not. Actually, running a successful bug bounty program starts far before it is launched officially.

  • What are the prerequisites and why can we consider a bug bounty program as a layer for your Application Security Program?
  • How do you measure if you are successful or not and what are the KPIs?
  • When are you ready to start such a program?

Based on the experience with the implementation of the Bug Bounty Program at Visma, and also from the Bug Triager point of view, you can find key points why every company should implement it and how to fit it into your AppSec Program.

During the “Scaling a Bug Bounty Program” presentation you will learn what a successful program looks like. Also there will be some practical tips and tricks to optimize your program and why you should consider this as your ultimate layer of Application Security.


Catalin is a passionate cybersecurity professional for whom security is more than a job, it’s a habit. He works at Visma as a Product Security Engineer, enjoying his time at the Product Security Operations team and is the OWASP Timisoara Chapter Leader aiming to create a strong local security community focused on improving the application security world. He has also several recognized certifications in the security field like: MCSA, MCSE, Security+, CASP, CEH and is seeking to constantly learn in this wonderful area.

Share this Post