Moderating a Bug Bounty Panel During AppSec USA 2017 ... and More

Moderating A Bug Bounty Panel During AppSec USA 2017.jpg

A few months ago, Cassio Goldschmidt submitted a panel discussion for consideration as part of the upcoming AppSec USA 2017 conference in Orlando, Florida. Cassio asked that I moderate the conversation. There was no question - I love this topic and I was in!

Agreeing to wear the moderator hat for this part of the event, I will join the following folks for an in-depth discussion surrounding the what, how, and why for bug bounty programs:

- Cassio Goldschmidt, Stroz Friedberg, an AON company
- Sean Melia, Gotham Digital Science
- Michael Stoker, Baker & McKenzie
- Michael Gallagher, PayPal

We'll do our best to squeeze as much as we can out of the 45 minutes we have scheduled to cover the following topics in a meaningful manner:

  • Overview of bug bounty programs
  • How bug bounties fit in to the overall application security stack
  • Starting a bug bounty program
  • Running an effective bug bounty program
  • Managing and communications surrounding the bug bounty program
  • Rewards and payouts to the bug bounty hunters (the 'bounters')

For those attending the conference that are interested in adding this session to their schedule, you can view is on the AppSec USA 2017 site here:

While I am there, I will also wear my journalist hat (of course), capturing cybersecurity and privacy trends and anomalies as I can uncover them. With this in mind, these are some of the sessions I plan to sit in on, time permitting:

You can listen to a podcast I did with Jim Manico on the topic of the latest OWASP Top 10 here:

Jim Manico and Sean Martin discuss the value of OWASP and challenges maintaining the OWASP Top 10

Hopefully I will see you there. And, with any luck, you'll be able to join me and the other panelists for our session on Bug Bounty programs.


Sean Martin, Editor-in-Chief, ITSPmagazine



Thanks to Edgescan and Prevoty for their support of application security and continuous vulnerability awareness.