DeepSec 2020 Talk: Scaling A Bug Bounty Program – Catalin Curelaru
Hacking, hackers and bug bounties are constantly making headlines in the mainstream news. In the past few years we have seen impressive growth in Bug Bounty Programs, and at this point we really need to ask: Is a Bug Bounty Program a new layer to secure applications? Implementing a Bug Bounty Program can be challenging and requires some understanding of the nuances that make it successful or not. In fact, running a successful bug bounty program starts long before it is officially launched. What are the prerequisites, and why can we consider a bug bounty program a layer of your Application Security Program? How do you measure whether you are successful, and what are the KPIs? When are you ready to start such a program? Based on the