This year, one of our favorite customers will be speaking at one of our favorite conferences where they will discuss why they implemented a bug bounty program, and how the results and learnings have influenced their internal security culture and testing processes.
Today our CEO, Casey Ellis, and James Denaro, founder and attorney at Cipher Law, stepped on stage at AppSecUSA 2016 to talk about the logistics and legalities of bug bounties. They talked through some of the most common concerns people have about bug bounties and discussed ways both to address those concerns and to implement liability controls.
Now that we've rested our feet, drunk some water, and adjusted from the Las Vegas time warp, we thought we'd give a brief recap of our week. In the six days we spent boots down in Vegas, we caught some great talks with some of our favorite people, threw, sponsored and attended awesome events, and as always, met amazing folks from the InfoSec community.
This March I had the opportunity to travel to India and speak at the Nullcon security conference as part of the first Bounty Craft Track - 1.5 days devoted entirely to the art of bug bounty hunting with researchers and members of the security teams from Bugcrowd, Microsoft, Google, Facebook, and Mozilla. This was a great opportunity for vendors and researchers to engage in interactive conversations, and to share techniques and war stories. And it was awesome to meet dozens of our Crowd members in person, including two of our 2016 Buggy Award winners, Harie_cool and Vishnu_Vardhan_Reddy!
Bugcrowd is excited to partner with Microsoft, Facebook, Google, and Mozilla at Nullcon 2016 for the first ever "Bounty Craft" Track - 1.5 days devoted entirely to the art of bug bounty hunting.
With the explosive growth of the security research community in India, Nullcon provides a great opportunity for vendors and researchers to engage in interactive conversations, and to share techniques and war stories. If you're attending Nullcon, we hope you'll join us tonight and tomorrow!
My favorite thing about going to conferences is establishing the underlying trends behind the questions I’m asked. We’re only halfway through RSAC/BSides week, and already the dominant question is clear:
When is the government going to start a bug bounty program?
Here’s my answer:
The government has no choice but to adopt a crowdsourced model for vulnerability discovery; it’s more a question of when the pain of staying the same will exceed the pain of change.
At DEFCON 23 this year we interviewed a few members of the Bugcrowd Researcher community, getting their impressions of DEFCON and gathering some tips & tricks for bug bounty hunters.
Welcome to Bugcrowd's 2015 Guide to Hacker Summer Camp, an overview of what we think folks should check out this week in Vegas. Our team is going to be quite busy this week, presenting six times across all three shows, as well as hosting several events throughout the week.