A few months ago, Cassio Goldschmidt submitted a panel discussion for consideration as part of the upcoming AppSec USA 2017 conference in Orlando, Florida. Cassio asked that I moderate the conversation. There was no question - I love this topic and I was in!
Agreeing to wear the moderator hat for this part of the event, I will join the following folks for an in-depth discussion surrounding the what, how, and why for bug bounty programs:
- Cassio Goldschmidt, Stroz Friedberg, an AON company
- Sean Melia, Gotham Digital Science
- Michael Stoker, Baker & McKenzie
- Michael Gallagher, PayPal
We'll do our best to squeeze as much as we can out of the 45 minutes we have scheduled to cover the following topics in a meaningful manner:
- Overview of bug bounty programs
- How bug bounties fit into the overall application security stack
- Starting a bug bounty program
- Running an effective bug bounty program
- Managing and communications surrounding the bug bounty program
- Rewards and payouts to the bug bounty hunters (the 'bounters')
For those attending the conference who are interested in adding this session to their schedule, you can view it on the AppSec USA 2017 site here: http://sched.co/BHge
While I am there, I will also wear my journalist hat (of course), capturing cybersecurity and privacy trends and anomalies as I uncover them. With this in mind, these are some of the sessions I plan to sit in on, time permitting:
- KeyNote - Discussion on Application Security: John Steven and Jim Manico will be discussing application security from a unique perspective.
- An Investigation into the Differences Between Web Application Scanning Tools when Scanning for XSS and SQLi
- Leveraging Blockchain for Identity and Authentication in IoT is good for Security
- KeyNote - Runa A. Sandvik: Building a Culture of Security at The New York Times
You can listen to a podcast I did with Jim Manico on the topic of the latest OWASP Top 10 here:
Hopefully I will see you there. And, with any luck, you'll be able to join me and the other panelists for our session on Bug Bounty programs.