Bugcrowd Blog

2017 Bug Bounty Resolutions

Posted by Sam Houston on Jan 3, 2017 12:21:59 PM

The new year is a great time to reflect on the past year and set new goals for the year ahead. To help the Bugcrowd community achieve success in 2017, we've outlined a few New Year's resolutions for bug hunters and bug bounty program managers. Have other resolutions? We want to hear what they are! Tweet us.


For bug hunters...

1) Increase your odds

Bug hunting is all about being the first to find a bug. Sometimes skills alone aren’t enough. Preparation, consistency, perseverance and due diligence are also crucial. Here are a few tips on successful bug hunting…

2) Maximize bounty payouts

In addition to being prepared to find more vulnerabilities, there are simple ways to improve and maximize your bounty payouts...

  • Write better PoCs. It is incredibly important to articulate your work clearly: use simple language, and attach screenshots or a video to your submission. By ensuring that your work is understood, you optimize your chances of getting paid for it. This post by PlanetZuda is a great resource.
  • On that note, continue to learn from others. We recommend that all of our researchers, beginners to experts, study the methodologies of other successful bug bounty hunters. Check out this post that includes tips from top hackers.
  • Here's a great post on how to fit bounties into your schedule and maximize payouts.


3) Stay up-to-date with the bug hunting community

The bug bounty space is changing rapidly, with new program launches and updates weekly. We make it easy to stay up to date, but you should do your part as well.


For bounty program owners...

1) Get to know your researchers

As you’re running and managing your bug bounty program, keep in mind the motivations of researchers. Based on your program goals, tweak your program to incentivize different types of researchers with different skill sets…

2) Understand your KPIs

It’s important to monitor the results of your program so you can improve your secure coding practices, give your executive board benchmarks, and strengthen your overall security.

  • Use our newly improved ‘Insights Dashboard’ to your advantage to understand what kinds of bugs are being reported, manage your spend, and adjust your program accordingly.
  • One of the most important key performance indicators for a consistently successful bounty program is response time. The faster a bug hunter hears from you and receives payment, the more time they will spend on your program, and word travels fast...

3) Level up your program

Bounty programs should never be stagnant. To achieve consistent success, meet organizational goals, and gain attention from top talent, you should constantly keep an eye on your program. This may mean increasing your reward range over time, adding new targets to your scope, or running a special campaign to elicit attention on certain applications...


For everyone...

This resolution applies not only to bug hunters and bounty program owners but all members of the InfoSec community...

We're building this community together and we all can make a positive impact.

Every day we can work together to build a more respectful, empathetic and empowering security community. Each of us has experience and expertise that we can share to better the collective whole. We all want to be respected, appreciated, and successful, and keeping this in mind is a good first step. By helping and respecting one another, we can achieve even greater success in the new year.

We wish you all a prosperous and exciting 2017!


Written by Sam Houston

Senior Community Manager at Bugcrowd. Sam's passionate about working to foster the best researcher community on the web. Prior to joining the security industry Sam worked for Couchsurfing, Electronic Arts, Playfish, and gamerDNA.