Previous proposalSRE Approach to Supporting Products as a PaaS Internally
Next proposalPOLARDB - A database architecture for the cloud
Bug Bounties for organizations
This BOF session will be in continuation of the talk by Shadab. The main agenda behind the session is to bring out a discussion and help organizations get started with the bug bounties. Bug bounties in short are the easiest way to leverage the information security community and individuals in general to help shore up an organizations defences.
Who should attend
We expect the session to be useful for any organization or individual planning to run bug bounty programs, or already doing it and looking to see how others are doing it.
- Should you setup your own or go for crowd sourced platform ( pointers on when to choose what)
- what problems/struggles exist(technically/logistically) if you want to start your own especially in India
- points to take care while planning / launching and running a bug bounty
- how does leadership understand BB and what are ways to have their buy in and what’s their expectation and fear from it
This session will be run in an unorganized manner however some key points of discussion we think would be useful are:
- Should an organization be getting into bug bounty. if yes when do you know you are ready
- How to convince the management about launching bug bounties
- What would be a better choice going independent or joing a platform
- How do you decide payouts (money, swag, wall of fame)
- Real life challenges faced while running bug bounty programs
- How to handle bug triaging
- How to handle respectful communications and enforce rules
The discussion will revolve around bug bounties however we will not be covering bug hunting as part of this discussion.
As this is discussion session we expect people to bring out the questions that matters to them. Experiances or hurdles faced during the discussion, pre launch or after launch. Bring out the pain points and we can try to brain storm on those together as a collective. The only limitation would be in going too specific as all organizations are unique with own workflows we will try to keep discussions to pointers and suggestions on a broader level.
Shadab Siddiqui, Ankur Bhargava, Shubham Mittal, Anant Shrivastava will participate in this session